################################################################ # abuse.ch URLhaus IDS ruleset (Snort / Suricata) # # Last updated: 2024-05-05 08:11:06 (UTC) # # # # Terms Of Use: https://urlhaus.abuse.ch/api/ # # For questions please contact urlhaus [at] abuse.ch # ################################################################ # # url alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838680)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.152.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838680/; classtype:trojan-activity;sid:83701780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838679)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.239.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838679/; classtype:trojan-activity;sid:83701779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838678)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.242.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838678/; classtype:trojan-activity;sid:83701778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838677)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.192.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838677/; classtype:trojan-activity;sid:83701777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838676)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.248.127.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838676/; classtype:trojan-activity;sid:83701776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838674)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.47.104.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838674/; classtype:trojan-activity;sid:83701774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838675)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.193.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838675/; classtype:trojan-activity;sid:83701775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838673)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.69.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838673/; classtype:trojan-activity;sid:83701773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838671)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.134.174.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838671/; classtype:trojan-activity;sid:83701771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838670)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"38.45.200.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838670/; classtype:trojan-activity;sid:83701770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838668)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.101.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838668/; classtype:trojan-activity;sid:83701768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838669)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.21.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838669/; classtype:trojan-activity;sid:83701769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838667)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.185.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838667/; classtype:trojan-activity;sid:83701767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838666)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.23.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838666/; classtype:trojan-activity;sid:83701766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838665)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.221.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838665/; classtype:trojan-activity;sid:83701765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838664)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.238.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838664/; classtype:trojan-activity;sid:83701764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838663)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.100.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838663/; classtype:trojan-activity;sid:83701763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838662)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.217.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838662/; classtype:trojan-activity;sid:83701762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838661)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.183.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838661/; classtype:trojan-activity;sid:83701761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838660)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.173.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838660/; classtype:trojan-activity;sid:83701760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838659)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.38.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838659/; classtype:trojan-activity;sid:83701759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838658)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.193.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838658/; classtype:trojan-activity;sid:83701758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838657)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.146.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838657/; classtype:trojan-activity;sid:83701757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838656)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.108.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838656/; classtype:trojan-activity;sid:83701756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838654)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.100.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838654/; classtype:trojan-activity;sid:83701754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838655)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.52.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838655/; classtype:trojan-activity;sid:83701755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838653)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.69.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838653/; classtype:trojan-activity;sid:83701753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838651)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.134.174.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838651/; classtype:trojan-activity;sid:83701751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838652)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.17.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838652/; classtype:trojan-activity;sid:83701752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838650)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.200.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838650/; classtype:trojan-activity;sid:83701750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838649)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.138.242.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838649/; classtype:trojan-activity;sid:83701749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838648)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.234.64.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838648/; classtype:trojan-activity;sid:83701748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838645)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.174.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838645/; classtype:trojan-activity;sid:83701745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838646)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.20.54"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838646/; classtype:trojan-activity;sid:83701746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838647)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.212.237.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838647/; classtype:trojan-activity;sid:83701747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838644)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.138.255.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838644/; classtype:trojan-activity;sid:83701744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838643)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.0.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838643/; classtype:trojan-activity;sid:83701743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838641)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.190.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838641/; classtype:trojan-activity;sid:83701741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838639)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.24.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838639/; classtype:trojan-activity;sid:83701739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838640)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.169.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838640/; classtype:trojan-activity;sid:83701740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838638)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.147.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838638/; classtype:trojan-activity;sid:83701738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838637)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.38.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838637/; classtype:trojan-activity;sid:83701737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838636)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.252.163.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838636/; classtype:trojan-activity;sid:83701736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838635)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.6.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838635/; classtype:trojan-activity;sid:83701735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838634)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.64.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838634/; classtype:trojan-activity;sid:83701734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838633)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.245.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838633/; classtype:trojan-activity;sid:83701733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838631)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.52.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838631/; classtype:trojan-activity;sid:83701731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838632)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.209.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838632/; classtype:trojan-activity;sid:83701732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838628)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.239.77.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838628/; classtype:trojan-activity;sid:83701728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838629)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.175.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838629/; classtype:trojan-activity;sid:83701729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838630)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.189.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838630/; classtype:trojan-activity;sid:83701730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838627)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.195.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838627/; classtype:trojan-activity;sid:83701727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838626)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.174.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838626/; classtype:trojan-activity;sid:83701726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838625)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.194.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838625/; classtype:trojan-activity;sid:83701725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838623)"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/1091462820069118054/1236274464740741151/djs-embeds.exe|3f|ex=663769d1|7c|26|7c|is=66361851|7c|26|7c|hm=59c574848a25d701c41a41c26159e34d4f192e12b42d177e4a124c85bdf9e9a2|7c|26|7c|"; http_uri; depth:190; isdataat:!1,relative; nocase; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838623/; classtype:trojan-activity;sid:83701723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838622)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.208.66.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838622/; classtype:trojan-activity;sid:83701722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838620)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.244.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838620/; classtype:trojan-activity;sid:83701720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838619)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.64.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838619/; classtype:trojan-activity;sid:83701719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838618)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.6.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838618/; classtype:trojan-activity;sid:83701718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838616)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.237.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838616/; classtype:trojan-activity;sid:83701716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838617)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.48.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838617/; classtype:trojan-activity;sid:83701717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838615)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.48.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838615/; classtype:trojan-activity;sid:83701715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838614)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.52.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838614/; classtype:trojan-activity;sid:83701714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838613)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.57.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838613/; classtype:trojan-activity;sid:83701713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838612)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.239.77.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838612/; classtype:trojan-activity;sid:83701712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838611)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.205.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838611/; classtype:trojan-activity;sid:83701711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838610)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.34.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838610/; classtype:trojan-activity;sid:83701710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838609)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.92.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838609/; classtype:trojan-activity;sid:83701709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838608)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.129.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838608/; classtype:trojan-activity;sid:83701708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838607)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"89.208.66.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838607/; classtype:trojan-activity;sid:83701707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838605)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.23.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838605/; classtype:trojan-activity;sid:83701705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838604)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.182.189.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838604/; classtype:trojan-activity;sid:83701704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838600)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.105.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838600/; classtype:trojan-activity;sid:83701700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838601)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.36.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838601/; classtype:trojan-activity;sid:83701701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838602)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.194.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838602/; classtype:trojan-activity;sid:83701702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838599)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.237.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838599/; classtype:trojan-activity;sid:83701699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838598)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.42.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838598/; classtype:trojan-activity;sid:83701698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838596)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.19.157.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838596/; classtype:trojan-activity;sid:83701696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838593)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.50.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838593/; classtype:trojan-activity;sid:83701693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838594)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.83.1.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838594/; classtype:trojan-activity;sid:83701694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838595)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.200.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838595/; classtype:trojan-activity;sid:83701695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838591)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.176.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838591/; classtype:trojan-activity;sid:83701691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838590)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.251.165.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838590/; classtype:trojan-activity;sid:83701690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838589)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.27.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838589/; classtype:trojan-activity;sid:83701689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838587)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.199.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838587/; classtype:trojan-activity;sid:83701687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838588)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.36.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838588/; classtype:trojan-activity;sid:83701688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838586)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.136.130.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838586/; classtype:trojan-activity;sid:83701686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838584)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.92.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838584/; classtype:trojan-activity;sid:83701684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838582)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.242.134.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838582/; classtype:trojan-activity;sid:83701682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838581)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.23.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838581/; classtype:trojan-activity;sid:83701681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838580)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.225.161.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838580/; classtype:trojan-activity;sid:83701680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838578)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.26.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838578/; classtype:trojan-activity;sid:83701678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838577)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.2.183.132"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838577/; classtype:trojan-activity;sid:83701677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838576)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.202.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838576/; classtype:trojan-activity;sid:83701676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838575)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.194.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838575/; classtype:trojan-activity;sid:83701675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838574)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.250.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838574/; classtype:trojan-activity;sid:83701674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838573)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.147.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838573/; classtype:trojan-activity;sid:83701673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838572)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.34.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838572/; classtype:trojan-activity;sid:83701672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838571)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.254.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838571/; classtype:trojan-activity;sid:83701671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838570)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.127.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838570/; classtype:trojan-activity;sid:83701670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838569)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.134.173.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838569/; classtype:trojan-activity;sid:83701669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838568)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.206.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838568/; classtype:trojan-activity;sid:83701668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838567)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.34.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838567/; classtype:trojan-activity;sid:83701667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838566)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.49.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838566/; classtype:trojan-activity;sid:83701666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838564)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.18.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838564/; classtype:trojan-activity;sid:83701664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838561)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.53.227.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838561/; classtype:trojan-activity;sid:83701661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838562)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.177.183.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838562/; classtype:trojan-activity;sid:83701662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838560)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.92.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838560/; classtype:trojan-activity;sid:83701660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838559)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.30.113.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838559/; classtype:trojan-activity;sid:83701659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838557)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.26.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838557/; classtype:trojan-activity;sid:83701657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838558)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.254.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838558/; classtype:trojan-activity;sid:83701658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838555)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.175.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838555/; classtype:trojan-activity;sid:83701655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838554)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.111.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838554/; classtype:trojan-activity;sid:83701654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838553)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.183.24.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838553/; classtype:trojan-activity;sid:83701653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838552)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.113.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838552/; classtype:trojan-activity;sid:83701652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838550)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.21.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838550/; classtype:trojan-activity;sid:83701650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838549)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.234.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838549/; classtype:trojan-activity;sid:83701649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838548)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.125.120.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838548/; classtype:trojan-activity;sid:83701648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838547)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.78.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838547/; classtype:trojan-activity;sid:83701647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838546)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.49.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838546/; classtype:trojan-activity;sid:83701646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838545)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.227.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838545/; classtype:trojan-activity;sid:83701645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838544)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.129.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838544/; classtype:trojan-activity;sid:83701644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838542)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.113.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838542/; classtype:trojan-activity;sid:83701642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838541)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.22.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838541/; classtype:trojan-activity;sid:83701641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838538)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.182.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838538/; classtype:trojan-activity;sid:83701638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838536)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.234.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838536/; classtype:trojan-activity;sid:83701636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838534)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.227.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838534/; classtype:trojan-activity;sid:83701634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838533)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.129.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838533/; classtype:trojan-activity;sid:83701633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838532)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.22.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838532/; classtype:trojan-activity;sid:83701632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838531)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.83.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838531/; classtype:trojan-activity;sid:83701631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838529)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.14.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838529/; classtype:trojan-activity;sid:83701629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838530)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.99.201.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838530/; classtype:trojan-activity;sid:83701630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838527)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.234.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838527/; classtype:trojan-activity;sid:83701627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838526)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.180.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838526/; classtype:trojan-activity;sid:83701626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838525)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.79.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838525/; classtype:trojan-activity;sid:83701625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838524)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.119.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838524/; classtype:trojan-activity;sid:83701624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838523)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.207.1.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838523/; classtype:trojan-activity;sid:83701623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838522)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.46.207.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838522/; classtype:trojan-activity;sid:83701622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838520)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.180.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838520/; classtype:trojan-activity;sid:83701620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838519)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.35.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838519/; classtype:trojan-activity;sid:83701619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838518)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.34.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838518/; classtype:trojan-activity;sid:83701618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838517)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.162.62.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838517/; classtype:trojan-activity;sid:83701617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838516)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.83.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838516/; classtype:trojan-activity;sid:83701616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838514)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.182.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838514/; classtype:trojan-activity;sid:83701614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838513)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.14.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838513/; classtype:trojan-activity;sid:83701613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838512)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.210.251.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838512/; classtype:trojan-activity;sid:83701612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838511)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.74.171"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838511/; classtype:trojan-activity;sid:83701611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838510)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.65.181"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838510/; classtype:trojan-activity;sid:83701610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838509)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.204.168.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838509/; classtype:trojan-activity;sid:83701609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838507)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.23.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838507/; classtype:trojan-activity;sid:83701607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838508)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.121.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838508/; classtype:trojan-activity;sid:83701608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838505)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.1.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838505/; classtype:trojan-activity;sid:83701605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838504)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.207.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838504/; classtype:trojan-activity;sid:83701604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838503)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.204.195.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838503/; classtype:trojan-activity;sid:83701603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838502)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.119.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838502/; classtype:trojan-activity;sid:83701602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838501)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.115.240.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838501/; classtype:trojan-activity;sid:83701601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838500)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.129.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838500/; classtype:trojan-activity;sid:83701600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838499)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.54.63.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838499/; classtype:trojan-activity;sid:83701599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838497)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.177.196.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838497/; classtype:trojan-activity;sid:83701597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838496)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.122.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838496/; classtype:trojan-activity;sid:83701596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838495)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.33.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838495/; classtype:trojan-activity;sid:83701595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838493)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.59.84.143"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838493/; classtype:trojan-activity;sid:83701593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838492)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.179.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838492/; classtype:trojan-activity;sid:83701592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838491)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.130.35.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838491/; classtype:trojan-activity;sid:83701591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838487)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.251.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838487/; classtype:trojan-activity;sid:83701587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838484)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.182.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838484/; classtype:trojan-activity;sid:83701584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838483)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.162.62.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838483/; classtype:trojan-activity;sid:83701583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838481)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.240.233.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838481/; classtype:trojan-activity;sid:83701581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838480)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.242.43.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838480/; classtype:trojan-activity;sid:83701580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838479)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.61.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838479/; classtype:trojan-activity;sid:83701579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838478)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.72.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838478/; classtype:trojan-activity;sid:83701578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838477)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.122.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838477/; classtype:trojan-activity;sid:83701577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838476)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.163.156.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838476/; classtype:trojan-activity;sid:83701576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838475)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.74.171"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838475/; classtype:trojan-activity;sid:83701575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838474)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.118.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838474/; classtype:trojan-activity;sid:83701574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838472)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.180.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838472/; classtype:trojan-activity;sid:83701572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838471)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.34.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838471/; classtype:trojan-activity;sid:83701571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838469)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.150.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838469/; classtype:trojan-activity;sid:83701569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838470)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.223.27.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838470/; classtype:trojan-activity;sid:83701570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838468)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.33.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838468/; classtype:trojan-activity;sid:83701568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838467)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.115.240.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838467/; classtype:trojan-activity;sid:83701567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838465)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.2.2"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838465/; classtype:trojan-activity;sid:83701565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838463)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.79.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838463/; classtype:trojan-activity;sid:83701563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838462)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.180.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838462/; classtype:trojan-activity;sid:83701562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838461)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.86.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838461/; classtype:trojan-activity;sid:83701561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838460)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.240.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838460/; classtype:trojan-activity;sid:83701560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838459)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.19.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838459/; classtype:trojan-activity;sid:83701559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838457)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.67.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838457/; classtype:trojan-activity;sid:83701557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838455)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.5.65.154"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838455/; classtype:trojan-activity;sid:83701555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838454)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.90.25.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838454/; classtype:trojan-activity;sid:83701554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838451)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.147.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838451/; classtype:trojan-activity;sid:83701551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838450)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.105.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838450/; classtype:trojan-activity;sid:83701550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838449)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.242.43.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838449/; classtype:trojan-activity;sid:83701549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838448)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.217.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838448/; classtype:trojan-activity;sid:83701548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838447)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.51.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838447/; classtype:trojan-activity;sid:83701547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838444)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.spc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"85.239.34.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838444/; classtype:trojan-activity;sid:83701544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838445)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"85.239.34.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838445/; classtype:trojan-activity;sid:83701545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838443)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.86.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838443/; classtype:trojan-activity;sid:83701543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838442)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.229.188.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838442/; classtype:trojan-activity;sid:83701542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838439)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.19.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838439/; classtype:trojan-activity;sid:83701539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838440)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.178.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838440/; classtype:trojan-activity;sid:83701540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838436)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.19.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838436/; classtype:trojan-activity;sid:83701536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838431)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.65.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838431/; classtype:trojan-activity;sid:83701531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838430)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.243.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838430/; classtype:trojan-activity;sid:83701530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838428)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.46.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838428/; classtype:trojan-activity;sid:83701528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838427)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.203.134.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838427/; classtype:trojan-activity;sid:83701527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838426)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.65.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838426/; classtype:trojan-activity;sid:83701526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838425)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.199.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838425/; classtype:trojan-activity;sid:83701525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838423)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.88.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838423/; classtype:trojan-activity;sid:83701523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838424)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.81.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838424/; classtype:trojan-activity;sid:83701524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838411)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.mips"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"85.239.34.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838411/; classtype:trojan-activity;sid:83701511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838402)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.95.169.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838402/; classtype:trojan-activity;sid:83701502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838403)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.x86"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"85.239.34.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838403/; classtype:trojan-activity;sid:83701503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838404)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.95.169.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838404/; classtype:trojan-activity;sid:83701504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838405)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.95.169.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838405/; classtype:trojan-activity;sid:83701505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838406)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.23.190.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838406/; classtype:trojan-activity;sid:83701506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838407)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"38.45.200.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838407/; classtype:trojan-activity;sid:83701507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838408)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"178.23.190.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838408/; classtype:trojan-activity;sid:83701508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838409)"; flow:established,from_client; content:"GET"; http_method; content:"/0xh0roxxnavebusyoo.x86"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"185.216.70.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838409/; classtype:trojan-activity;sid:83701509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838410)"; flow:established,from_client; content:"GET"; http_method; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.x86"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"185.216.70.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838410/; classtype:trojan-activity;sid:83701510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838398)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.95.169.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838398/; classtype:trojan-activity;sid:83701498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838399)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.95.169.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838399/; classtype:trojan-activity;sid:83701499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838400)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"178.23.190.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838400/; classtype:trojan-activity;sid:83701500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838401)"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.23.190.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838401/; classtype:trojan-activity;sid:83701501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838395)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.95.169.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838395/; classtype:trojan-activity;sid:83701495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838396)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.8.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838396/; classtype:trojan-activity;sid:83701496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838397)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.23.190.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838397/; classtype:trojan-activity;sid:83701497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838392)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.95.169.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838392/; classtype:trojan-activity;sid:83701492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838393)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.23.190.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838393/; classtype:trojan-activity;sid:83701493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838394)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.95.169.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838394/; classtype:trojan-activity;sid:83701494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838387)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm6"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"85.239.34.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838387/; classtype:trojan-activity;sid:83701487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838388)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.23.190.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838388/; classtype:trojan-activity;sid:83701488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838389)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.m68k"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"85.239.34.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838389/; classtype:trojan-activity;sid:83701489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838390)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.95.169.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838390/; classtype:trojan-activity;sid:83701490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838391)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"94.131.9.45"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838391/; classtype:trojan-activity;sid:83701491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838384)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"178.23.190.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838384/; classtype:trojan-activity;sid:83701484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838385)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.23.190.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838385/; classtype:trojan-activity;sid:83701485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838386)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"178.23.190.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838386/; classtype:trojan-activity;sid:83701486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838383)"; flow:established,from_client; content:"GET"; http_method; content:"/assailant.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.216.70.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838383/; classtype:trojan-activity;sid:83701483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838382)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.ppc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"85.239.34.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838382/; classtype:trojan-activity;sid:83701482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838375)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.95.169.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838375/; classtype:trojan-activity;sid:83701475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838376)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.216.70.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838376/; classtype:trojan-activity;sid:83701476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838377)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.95.169.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838377/; classtype:trojan-activity;sid:83701477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838378)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"94.131.9.45"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838378/; classtype:trojan-activity;sid:83701478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838379)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.mpsl"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"85.239.34.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838379/; classtype:trojan-activity;sid:83701479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838380)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.131.9.45"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838380/; classtype:trojan-activity;sid:83701480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838381)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.sh4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"85.239.34.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838381/; classtype:trojan-activity;sid:83701481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838369)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.23.190.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838369/; classtype:trojan-activity;sid:83701469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838370)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.131.9.45"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838370/; classtype:trojan-activity;sid:83701470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838371)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.216.70.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838371/; classtype:trojan-activity;sid:83701471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838372)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.131.9.45"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838372/; classtype:trojan-activity;sid:83701472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838373)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.131.9.45"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838373/; classtype:trojan-activity;sid:83701473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838374)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.131.9.45"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838374/; classtype:trojan-activity;sid:83701474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838365)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"94.131.9.45"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838365/; classtype:trojan-activity;sid:83701465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838366)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.131.9.45"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838366/; classtype:trojan-activity;sid:83701466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838367)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.131.9.45"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838367/; classtype:trojan-activity;sid:83701467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838368)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"94.131.9.45"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838368/; classtype:trojan-activity;sid:83701468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838364)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"178.23.190.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838364/; classtype:trojan-activity;sid:83701464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838363)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm5"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"85.239.34.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838363/; classtype:trojan-activity;sid:83701463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838362)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.81.242.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838362/; classtype:trojan-activity;sid:83701462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838361)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.56.204.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838361/; classtype:trojan-activity;sid:83701461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838360)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.221.24.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838360/; classtype:trojan-activity;sid:83701460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838358)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.206.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838358/; classtype:trojan-activity;sid:83701458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838357)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.53.239.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838357/; classtype:trojan-activity;sid:83701457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838356)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.181.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838356/; classtype:trojan-activity;sid:83701456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838355)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.34.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838355/; classtype:trojan-activity;sid:83701455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838354)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.46.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838354/; classtype:trojan-activity;sid:83701454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838352)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.240.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838352/; classtype:trojan-activity;sid:83701452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838351)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.238.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838351/; classtype:trojan-activity;sid:83701451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838349)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.88.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838349/; classtype:trojan-activity;sid:83701449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838350)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.239.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838350/; classtype:trojan-activity;sid:83701450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838348)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.81.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838348/; classtype:trojan-activity;sid:83701448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838346)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.237.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838346/; classtype:trojan-activity;sid:83701446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838345)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.213.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838345/; classtype:trojan-activity;sid:83701445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838344)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.204.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838344/; classtype:trojan-activity;sid:83701444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838343)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.206.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838343/; classtype:trojan-activity;sid:83701443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838342)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.181.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838342/; classtype:trojan-activity;sid:83701442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838340)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.240.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838340/; classtype:trojan-activity;sid:83701440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838341)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.83.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838341/; classtype:trojan-activity;sid:83701441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838339)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.32.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838339/; classtype:trojan-activity;sid:83701439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838337)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.183.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838337/; classtype:trojan-activity;sid:83701437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838336)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.108.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838336/; classtype:trojan-activity;sid:83701436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838333)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.9.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838333/; classtype:trojan-activity;sid:83701433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838332)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.213.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838332/; classtype:trojan-activity;sid:83701432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838330)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.32.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838330/; classtype:trojan-activity;sid:83701430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838329)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.183.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838329/; classtype:trojan-activity;sid:83701429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838328)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.115.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838328/; classtype:trojan-activity;sid:83701428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838327)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.37.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838327/; classtype:trojan-activity;sid:83701427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838326)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.130.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838326/; classtype:trojan-activity;sid:83701426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838325)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.214.10.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838325/; classtype:trojan-activity;sid:83701425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838323)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.141.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838323/; classtype:trojan-activity;sid:83701423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838322)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.194.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838322/; classtype:trojan-activity;sid:83701422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838320)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.9.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_05; reference:url, urlhaus.abuse.ch/url/2838320/; classtype:trojan-activity;sid:83701420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838319)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.209.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838319/; classtype:trojan-activity;sid:83701419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838318)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.217.187.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838318/; classtype:trojan-activity;sid:83701418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838317)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.148.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838317/; classtype:trojan-activity;sid:83701417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838316)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.23.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838316/; classtype:trojan-activity;sid:83701416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838315)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.18.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838315/; classtype:trojan-activity;sid:83701415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838314)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.72.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838314/; classtype:trojan-activity;sid:83701414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838313)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.130.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838313/; classtype:trojan-activity;sid:83701413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838312)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.209.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838312/; classtype:trojan-activity;sid:83701412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838311)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.202.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838311/; classtype:trojan-activity;sid:83701411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838310)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.75.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838310/; classtype:trojan-activity;sid:83701410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838309)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.237.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838309/; classtype:trojan-activity;sid:83701409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838308)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.254.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838308/; classtype:trojan-activity;sid:83701408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838307)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.148.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838307/; classtype:trojan-activity;sid:83701407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838306)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.23.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838306/; classtype:trojan-activity;sid:83701406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838305)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.159.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838305/; classtype:trojan-activity;sid:83701405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838304)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.191.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838304/; classtype:trojan-activity;sid:83701404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838303)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"62.217.187.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838303/; classtype:trojan-activity;sid:83701403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838302)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"106.112.179.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838302/; classtype:trojan-activity;sid:83701402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838301)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.81.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838301/; classtype:trojan-activity;sid:83701401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838300)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.72.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838300/; classtype:trojan-activity;sid:83701400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838299)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.172.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838299/; classtype:trojan-activity;sid:83701399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838298)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.229.174.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838298/; classtype:trojan-activity;sid:83701398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838297)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.249.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838297/; classtype:trojan-activity;sid:83701397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838296)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.196.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838296/; classtype:trojan-activity;sid:83701396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838294)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.237.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838294/; classtype:trojan-activity;sid:83701394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838295)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.86.169.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838295/; classtype:trojan-activity;sid:83701395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838293)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.84.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838293/; classtype:trojan-activity;sid:83701393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838292)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.194.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838292/; classtype:trojan-activity;sid:83701392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838291)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.112.179.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838291/; classtype:trojan-activity;sid:83701391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838290)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.220.147.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838290/; classtype:trojan-activity;sid:83701390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838289)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.191.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838289/; classtype:trojan-activity;sid:83701389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838288)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.220.150.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838288/; classtype:trojan-activity;sid:83701388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838287)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.32.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838287/; classtype:trojan-activity;sid:83701387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838286)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.214.10.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838286/; classtype:trojan-activity;sid:83701386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838285)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.180.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838285/; classtype:trojan-activity;sid:83701385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838284)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.190.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838284/; classtype:trojan-activity;sid:83701384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838283)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.133.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838283/; classtype:trojan-activity;sid:83701383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838282)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.187.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838282/; classtype:trojan-activity;sid:83701382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838281)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.71.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838281/; classtype:trojan-activity;sid:83701381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838279)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.144.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838279/; classtype:trojan-activity;sid:83701379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838280)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.95.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838280/; classtype:trojan-activity;sid:83701380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838278)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.14.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838278/; classtype:trojan-activity;sid:83701378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838277)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.206.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838277/; classtype:trojan-activity;sid:83701377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838276)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.180.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838276/; classtype:trojan-activity;sid:83701376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838275)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.174.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838275/; classtype:trojan-activity;sid:83701375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838274)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.187.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838274/; classtype:trojan-activity;sid:83701374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838273)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.147.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838273/; classtype:trojan-activity;sid:83701373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838272)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.129.242.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838272/; classtype:trojan-activity;sid:83701372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838271)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.103.37.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838271/; classtype:trojan-activity;sid:83701371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838270)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.57.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838270/; classtype:trojan-activity;sid:83701370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838269)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"184.60.63.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838269/; classtype:trojan-activity;sid:83701369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838268)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.150.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838268/; classtype:trojan-activity;sid:83701368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838267)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.32.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838267/; classtype:trojan-activity;sid:83701367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838266)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.180.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838266/; classtype:trojan-activity;sid:83701366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838265)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.56.1.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838265/; classtype:trojan-activity;sid:83701365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838264)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.9.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838264/; classtype:trojan-activity;sid:83701364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838263)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.214.10.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838263/; classtype:trojan-activity;sid:83701363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838261)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.133.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838261/; classtype:trojan-activity;sid:83701361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838262)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.36.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838262/; classtype:trojan-activity;sid:83701362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838260)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.211.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838260/; classtype:trojan-activity;sid:83701360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838259)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.58.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838259/; classtype:trojan-activity;sid:83701359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838258)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.171.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838258/; classtype:trojan-activity;sid:83701358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838257)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.42.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838257/; classtype:trojan-activity;sid:83701357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838256)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.135.202.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838256/; classtype:trojan-activity;sid:83701356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838255)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.86.126.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838255/; classtype:trojan-activity;sid:83701355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838254)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.67.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838254/; classtype:trojan-activity;sid:83701354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838253)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.207.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838253/; classtype:trojan-activity;sid:83701353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838252)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.157.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838252/; classtype:trojan-activity;sid:83701352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838251)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.11.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838251/; classtype:trojan-activity;sid:83701351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838249)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"184.60.63.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838249/; classtype:trojan-activity;sid:83701349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838250)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.129.242.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838250/; classtype:trojan-activity;sid:83701350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838248)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.171.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838248/; classtype:trojan-activity;sid:83701348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838247)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.206.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838247/; classtype:trojan-activity;sid:83701347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838246)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.72.177.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838246/; classtype:trojan-activity;sid:83701346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838245)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.36.223.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838245/; classtype:trojan-activity;sid:83701345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838244)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.214.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838244/; classtype:trojan-activity;sid:83701344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838243)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.206.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838243/; classtype:trojan-activity;sid:83701343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838242)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.194.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838242/; classtype:trojan-activity;sid:83701342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838241)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.86.126.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838241/; classtype:trojan-activity;sid:83701341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838240)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.203.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838240/; classtype:trojan-activity;sid:83701340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838239)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.207.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838239/; classtype:trojan-activity;sid:83701339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838238)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.222.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838238/; classtype:trojan-activity;sid:83701338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838237)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.187.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838237/; classtype:trojan-activity;sid:83701337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838236)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.72.177.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838236/; classtype:trojan-activity;sid:83701336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838235)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.50.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838235/; classtype:trojan-activity;sid:83701335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838233)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.52.19.96"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838233/; classtype:trojan-activity;sid:83701333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838234)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.247.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838234/; classtype:trojan-activity;sid:83701334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838232)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.24.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838232/; classtype:trojan-activity;sid:83701332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838231)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.206.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838231/; classtype:trojan-activity;sid:83701331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838229)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.109.205.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838229/; classtype:trojan-activity;sid:83701329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838230)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.214.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838230/; classtype:trojan-activity;sid:83701330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838228)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.242.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838228/; classtype:trojan-activity;sid:83701328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838227)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.63.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838227/; classtype:trojan-activity;sid:83701327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838226)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.87.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838226/; classtype:trojan-activity;sid:83701326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838225)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.194.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838225/; classtype:trojan-activity;sid:83701325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838224)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.243.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838224/; classtype:trojan-activity;sid:83701324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838222)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.177.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838222/; classtype:trojan-activity;sid:83701322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838223)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.47.104.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838223/; classtype:trojan-activity;sid:83701323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838221)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.247.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838221/; classtype:trojan-activity;sid:83701321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838220)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.187.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838220/; classtype:trojan-activity;sid:83701320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838219)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.50.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838219/; classtype:trojan-activity;sid:83701319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838218)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.184.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838218/; classtype:trojan-activity;sid:83701318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838217)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.102.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838217/; classtype:trojan-activity;sid:83701317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838216)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.106.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838216/; classtype:trojan-activity;sid:83701316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838214)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.8.196.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838214/; classtype:trojan-activity;sid:83701314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838215)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.24.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838215/; classtype:trojan-activity;sid:83701315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838213)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.211.137.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838213/; classtype:trojan-activity;sid:83701313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838212)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.248.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838212/; classtype:trojan-activity;sid:83701312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838211)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.236.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838211/; classtype:trojan-activity;sid:83701311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838210)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.239.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838210/; classtype:trojan-activity;sid:83701310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838209)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.243.243.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838209/; classtype:trojan-activity;sid:83701309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838208)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.2.52.174"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838208/; classtype:trojan-activity;sid:83701308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838207)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.195.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838207/; classtype:trojan-activity;sid:83701307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838206)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.254.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838206/; classtype:trojan-activity;sid:83701306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838205)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.200.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838205/; classtype:trojan-activity;sid:83701305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838203)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.109.205.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838203/; classtype:trojan-activity;sid:83701303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838204)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.142.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838204/; classtype:trojan-activity;sid:83701304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838202)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.242.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838202/; classtype:trojan-activity;sid:83701302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838201)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.184.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838201/; classtype:trojan-activity;sid:83701301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838200)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.118.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838200/; classtype:trojan-activity;sid:83701300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838199)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.63.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838199/; classtype:trojan-activity;sid:83701299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838198)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.16.36"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838198/; classtype:trojan-activity;sid:83701298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838197)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.47.104.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838197/; classtype:trojan-activity;sid:83701297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838196)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.241.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838196/; classtype:trojan-activity;sid:83701296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838195)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.149.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838195/; classtype:trojan-activity;sid:83701295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838194)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.32.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838194/; classtype:trojan-activity;sid:83701294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838193)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.251.180.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838193/; classtype:trojan-activity;sid:83701293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838192)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.102.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838192/; classtype:trojan-activity;sid:83701292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838191)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.251.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838191/; classtype:trojan-activity;sid:83701291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838190)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.229.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838190/; classtype:trojan-activity;sid:83701290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838189)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.243.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838189/; classtype:trojan-activity;sid:83701289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838188)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.214.12.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838188/; classtype:trojan-activity;sid:83701288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838187)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.214.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838187/; classtype:trojan-activity;sid:83701287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838186)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.99.0.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838186/; classtype:trojan-activity;sid:83701286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838185)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.32.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838185/; classtype:trojan-activity;sid:83701285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838184)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.58.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838184/; classtype:trojan-activity;sid:83701284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838183)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.199.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838183/; classtype:trojan-activity;sid:83701283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838182)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.233.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838182/; classtype:trojan-activity;sid:83701282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838181)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.11.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838181/; classtype:trojan-activity;sid:83701281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838180)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.220.54.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838180/; classtype:trojan-activity;sid:83701280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838179)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.195.46.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838179/; classtype:trojan-activity;sid:83701279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838178)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.68.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838178/; classtype:trojan-activity;sid:83701278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838176)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.118.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838176/; classtype:trojan-activity;sid:83701276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838177)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.237.5.30"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838177/; classtype:trojan-activity;sid:83701277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838175)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.207.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838175/; classtype:trojan-activity;sid:83701275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838174)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.28.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838174/; classtype:trojan-activity;sid:83701274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838173)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.121.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838173/; classtype:trojan-activity;sid:83701273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838172)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.105.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838172/; classtype:trojan-activity;sid:83701272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838171)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.191.231.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838171/; classtype:trojan-activity;sid:83701271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838170)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.54.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838170/; classtype:trojan-activity;sid:83701270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838169)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.77.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838169/; classtype:trojan-activity;sid:83701269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838168)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.250.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838168/; classtype:trojan-activity;sid:83701268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838167)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.241.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838167/; classtype:trojan-activity;sid:83701267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838166)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.214.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838166/; classtype:trojan-activity;sid:83701266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838165)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.167.27.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838165/; classtype:trojan-activity;sid:83701265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838164)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.106.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838164/; classtype:trojan-activity;sid:83701264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838163)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.233.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838163/; classtype:trojan-activity;sid:83701263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838162)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.10.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838162/; classtype:trojan-activity;sid:83701262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838161)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.5.30"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838161/; classtype:trojan-activity;sid:83701261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838160)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.229.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838160/; classtype:trojan-activity;sid:83701260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838159)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.46.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838159/; classtype:trojan-activity;sid:83701259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838158)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.122.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838158/; classtype:trojan-activity;sid:83701258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838156)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.105.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838156/; classtype:trojan-activity;sid:83701256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838157)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.118.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838157/; classtype:trojan-activity;sid:83701257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838155)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.121.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838155/; classtype:trojan-activity;sid:83701255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838154)"; flow:established,from_client; content:"GET"; http_method; content:"/94156"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"85.209.133.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838154/; classtype:trojan-activity;sid:83701254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838153)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.182.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838153/; classtype:trojan-activity;sid:83701253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838152)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.191.231.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838152/; classtype:trojan-activity;sid:83701252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838151)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.97.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838151/; classtype:trojan-activity;sid:83701251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838149)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.214.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838149/; classtype:trojan-activity;sid:83701249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838150)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.120.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838150/; classtype:trojan-activity;sid:83701250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838148)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.196.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838148/; classtype:trojan-activity;sid:83701248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838147)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.106.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838147/; classtype:trojan-activity;sid:83701247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838146)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.145.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838146/; classtype:trojan-activity;sid:83701246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838145)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.207.188.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838145/; classtype:trojan-activity;sid:83701245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838144)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.213.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838144/; classtype:trojan-activity;sid:83701244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838143)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.182.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838143/; classtype:trojan-activity;sid:83701243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838142)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.200.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838142/; classtype:trojan-activity;sid:83701242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838141)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.48.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838141/; classtype:trojan-activity;sid:83701241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838140)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.4.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838140/; classtype:trojan-activity;sid:83701240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838139)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.162.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838139/; classtype:trojan-activity;sid:83701239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838138)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.209.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838138/; classtype:trojan-activity;sid:83701238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838134)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.229.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838134/; classtype:trojan-activity;sid:83701234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838135)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.127.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838135/; classtype:trojan-activity;sid:83701235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838136)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.122.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838136/; classtype:trojan-activity;sid:83701236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838137)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.5.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838137/; classtype:trojan-activity;sid:83701237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838132)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.180.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838132/; classtype:trojan-activity;sid:83701232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838133)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.108.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838133/; classtype:trojan-activity;sid:83701233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838131)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.44.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838131/; classtype:trojan-activity;sid:83701231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838130)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.120.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838130/; classtype:trojan-activity;sid:83701230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838129)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.199.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838129/; classtype:trojan-activity;sid:83701229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838128)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.34.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838128/; classtype:trojan-activity;sid:83701228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838127)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.129.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838127/; classtype:trojan-activity;sid:83701227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838126)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.100.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838126/; classtype:trojan-activity;sid:83701226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838125)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.240.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838125/; classtype:trojan-activity;sid:83701225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838124)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.84.110.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838124/; classtype:trojan-activity;sid:83701224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838123)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.44.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838123/; classtype:trojan-activity;sid:83701223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838122)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.238.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838122/; classtype:trojan-activity;sid:83701222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838120)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.194.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838120/; classtype:trojan-activity;sid:83701220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838121)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.48.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838121/; classtype:trojan-activity;sid:83701221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838119)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.120.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838119/; classtype:trojan-activity;sid:83701219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838118)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.196.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838118/; classtype:trojan-activity;sid:83701218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838117)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.220.147.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838117/; classtype:trojan-activity;sid:83701217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838116)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.217.63"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838116/; classtype:trojan-activity;sid:83701216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838115)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.143.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838115/; classtype:trojan-activity;sid:83701215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838114)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.207.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838114/; classtype:trojan-activity;sid:83701214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838113)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.199.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838113/; classtype:trojan-activity;sid:83701213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838111)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.22.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838111/; classtype:trojan-activity;sid:83701211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838112)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.237.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838112/; classtype:trojan-activity;sid:83701212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838110)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.249.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838110/; classtype:trojan-activity;sid:83701210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838109)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.67.145"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838109/; classtype:trojan-activity;sid:83701209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838108)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.116.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838108/; classtype:trojan-activity;sid:83701208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838107)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.56.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838107/; classtype:trojan-activity;sid:83701207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838106)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.37.3.207"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838106/; classtype:trojan-activity;sid:83701206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838105)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.25.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838105/; classtype:trojan-activity;sid:83701205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838103)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.22.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838103/; classtype:trojan-activity;sid:83701203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838104)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.56.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838104/; classtype:trojan-activity;sid:83701204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838102)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.196.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838102/; classtype:trojan-activity;sid:83701202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838101)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.6.57"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838101/; classtype:trojan-activity;sid:83701201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838100)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.147.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838100/; classtype:trojan-activity;sid:83701200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838099)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.7"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.137.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838099/; classtype:trojan-activity;sid:83701199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838098)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.56.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838098/; classtype:trojan-activity;sid:83701198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838097)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.249.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838097/; classtype:trojan-activity;sid:83701197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838096)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.22.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838096/; classtype:trojan-activity;sid:83701196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838095)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.143.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838095/; classtype:trojan-activity;sid:83701195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838094)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.236.221.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838094/; classtype:trojan-activity;sid:83701194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838093)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.254.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838093/; classtype:trojan-activity;sid:83701193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838091)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.86.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838091/; classtype:trojan-activity;sid:83701191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838092)"; flow:established,from_client; content:"GET"; http_method; content:"/img/img4.jpg"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"9s5.biz"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838092/; classtype:trojan-activity;sid:83701192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838090)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.130.35.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838090/; classtype:trojan-activity;sid:83701190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838089)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.25.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838089/; classtype:trojan-activity;sid:83701189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838088)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.57.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838088/; classtype:trojan-activity;sid:83701188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838087)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.13.235.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838087/; classtype:trojan-activity;sid:83701187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838086)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.198.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838086/; classtype:trojan-activity;sid:83701186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838085)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.151.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838085/; classtype:trojan-activity;sid:83701185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838084)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.149.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838084/; classtype:trojan-activity;sid:83701184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838083)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.108.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838083/; classtype:trojan-activity;sid:83701183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838082)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.2.108.64"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838082/; classtype:trojan-activity;sid:83701182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838080)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.250.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838080/; classtype:trojan-activity;sid:83701180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838081)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.86.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838081/; classtype:trojan-activity;sid:83701181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838079)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.194.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838079/; classtype:trojan-activity;sid:83701179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838078)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.1.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838078/; classtype:trojan-activity;sid:83701178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838077)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.185.196.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838077/; classtype:trojan-activity;sid:83701177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838075)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.13.63.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838075/; classtype:trojan-activity;sid:83701175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838076)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.130.35.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838076/; classtype:trojan-activity;sid:83701176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838074)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.183.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838074/; classtype:trojan-activity;sid:83701174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838073)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.160.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838073/; classtype:trojan-activity;sid:83701173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838072)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.101.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838072/; classtype:trojan-activity;sid:83701172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838071)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.250.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838071/; classtype:trojan-activity;sid:83701171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838070)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.13.235.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838070/; classtype:trojan-activity;sid:83701170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838069)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.207.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838069/; classtype:trojan-activity;sid:83701169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838068)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.194.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838068/; classtype:trojan-activity;sid:83701168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838067)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.151.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838067/; classtype:trojan-activity;sid:83701167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838066)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.2.108.64"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838066/; classtype:trojan-activity;sid:83701166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838065)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.148.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838065/; classtype:trojan-activity;sid:83701165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838064)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.66.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838064/; classtype:trojan-activity;sid:83701164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838063)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.191.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838063/; classtype:trojan-activity;sid:83701163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838062)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.209.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838062/; classtype:trojan-activity;sid:83701162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838060)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.134.173.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838060/; classtype:trojan-activity;sid:83701160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838061)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.231.249.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838061/; classtype:trojan-activity;sid:83701161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838059)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.102.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838059/; classtype:trojan-activity;sid:83701159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838058)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.31.72.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838058/; classtype:trojan-activity;sid:83701158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838057)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.125.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838057/; classtype:trojan-activity;sid:83701157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838056)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.231.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838056/; classtype:trojan-activity;sid:83701156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838055)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.1.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838055/; classtype:trojan-activity;sid:83701155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838054)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.173.94.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838054/; classtype:trojan-activity;sid:83701154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838053)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.194.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838053/; classtype:trojan-activity;sid:83701153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838052)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.32.172.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838052/; classtype:trojan-activity;sid:83701152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838051)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.60.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838051/; classtype:trojan-activity;sid:83701151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838049)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.160.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838049/; classtype:trojan-activity;sid:83701149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838050)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.32.172.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838050/; classtype:trojan-activity;sid:83701150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838048)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.191.231.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838048/; classtype:trojan-activity;sid:83701148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838047)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.90.68.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838047/; classtype:trojan-activity;sid:83701147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838046)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.142.77.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838046/; classtype:trojan-activity;sid:83701146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838044)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.9.29"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838044/; classtype:trojan-activity;sid:83701144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838045)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.9.29"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838045/; classtype:trojan-activity;sid:83701145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838042)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.225.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838042/; classtype:trojan-activity;sid:83701142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838043)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.31.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838043/; classtype:trojan-activity;sid:83701143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838041)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.250.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838041/; classtype:trojan-activity;sid:83701141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838039)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"104.175.34.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838039/; classtype:trojan-activity;sid:83701139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838040)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.160.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838040/; classtype:trojan-activity;sid:83701140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838038)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.212.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838038/; classtype:trojan-activity;sid:83701138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838037)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.196.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838037/; classtype:trojan-activity;sid:83701137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838035)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.47.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838035/; classtype:trojan-activity;sid:83701135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838036)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.192.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838036/; classtype:trojan-activity;sid:83701136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838033)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.66.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838033/; classtype:trojan-activity;sid:83701133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838034)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.221.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838034/; classtype:trojan-activity;sid:83701134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838032)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.240.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838032/; classtype:trojan-activity;sid:83701132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838031)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.192.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838031/; classtype:trojan-activity;sid:83701131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838029)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.99.0.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838029/; classtype:trojan-activity;sid:83701129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838030)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.160.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838030/; classtype:trojan-activity;sid:83701130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838028)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.2.72"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838028/; classtype:trojan-activity;sid:83701128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838027)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.0.158"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838027/; classtype:trojan-activity;sid:83701127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838024)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.194.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838024/; classtype:trojan-activity;sid:83701124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838025)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.43.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838025/; classtype:trojan-activity;sid:83701125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838026)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.213.184.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838026/; classtype:trojan-activity;sid:83701126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838021)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.211.137.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838021/; classtype:trojan-activity;sid:83701121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838022)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.79.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838022/; classtype:trojan-activity;sid:83701122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838023)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.173.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838023/; classtype:trojan-activity;sid:83701123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838017)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.254.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838017/; classtype:trojan-activity;sid:83701117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838018)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.135.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838018/; classtype:trojan-activity;sid:83701118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838019)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.29.22.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838019/; classtype:trojan-activity;sid:83701119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838020)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.231.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838020/; classtype:trojan-activity;sid:83701120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838012)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.67.151"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838012/; classtype:trojan-activity;sid:83701112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838013)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.74.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838013/; classtype:trojan-activity;sid:83701113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838014)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.194.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838014/; classtype:trojan-activity;sid:83701114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838015)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.61.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838015/; classtype:trojan-activity;sid:83701115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838016)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.47.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838016/; classtype:trojan-activity;sid:83701116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838009)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.80.218"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838009/; classtype:trojan-activity;sid:83701109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838010)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.231.249.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838010/; classtype:trojan-activity;sid:83701110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838011)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.183.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838011/; classtype:trojan-activity;sid:83701111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838005)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.93.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838005/; classtype:trojan-activity;sid:83701105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838006)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.132.76.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838006/; classtype:trojan-activity;sid:83701106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838007)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.5.29"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838007/; classtype:trojan-activity;sid:83701107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838008)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.202.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838008/; classtype:trojan-activity;sid:83701108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838000)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.137.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838000/; classtype:trojan-activity;sid:83701100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838001)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.76.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838001/; classtype:trojan-activity;sid:83701101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838002)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.136.130.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838002/; classtype:trojan-activity;sid:83701102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838003)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.41.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838003/; classtype:trojan-activity;sid:83701103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2838004)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.79.234.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2838004/; classtype:trojan-activity;sid:83701104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837996)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.136.130.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837996/; classtype:trojan-activity;sid:83701096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837997)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.233.150.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837997/; classtype:trojan-activity;sid:83701097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837998)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.145.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837998/; classtype:trojan-activity;sid:83701098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837999)"; flow:established,from_client; content:"GET"; http_method; content:"/img/img3.jpg"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"9s5.biz"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837999/; classtype:trojan-activity;sid:83701099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837985)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.112.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837985/; classtype:trojan-activity;sid:83701085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837986)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.77.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837986/; classtype:trojan-activity;sid:83701086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837987)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.183.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837987/; classtype:trojan-activity;sid:83701087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837988)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.79.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837988/; classtype:trojan-activity;sid:83701088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837989)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.217.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837989/; classtype:trojan-activity;sid:83701089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837990)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.178.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837990/; classtype:trojan-activity;sid:83701090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837991)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.202.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837991/; classtype:trojan-activity;sid:83701091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837992)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.72.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837992/; classtype:trojan-activity;sid:83701092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837993)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.124.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837993/; classtype:trojan-activity;sid:83701093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837994)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.111.102.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837994/; classtype:trojan-activity;sid:83701094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837995)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.50.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837995/; classtype:trojan-activity;sid:83701095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837979)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.89.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837979/; classtype:trojan-activity;sid:83701079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837980)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.90.68.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837980/; classtype:trojan-activity;sid:83701080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837981)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.251.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837981/; classtype:trojan-activity;sid:83701081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837982)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.150.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837982/; classtype:trojan-activity;sid:83701082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837983)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.94.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837983/; classtype:trojan-activity;sid:83701083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837984)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.91.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837984/; classtype:trojan-activity;sid:83701084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837976)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.86.156.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837976/; classtype:trojan-activity;sid:83701076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837977)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.235.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837977/; classtype:trojan-activity;sid:83701077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837978)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.254.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837978/; classtype:trojan-activity;sid:83701078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837973)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.43.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837973/; classtype:trojan-activity;sid:83701073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837974)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.56.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837974/; classtype:trojan-activity;sid:83701074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837975)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.46.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837975/; classtype:trojan-activity;sid:83701075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837970)"; flow:established,from_client; content:"GET"; http_method; content:"/zhw10.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"121.61.248.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837970/; classtype:trojan-activity;sid:83701070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837969)"; flow:established,from_client; content:"GET"; http_method; content:"/cyber2019.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"121.61.248.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837969/; classtype:trojan-activity;sid:83701069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837968)"; flow:established,from_client; content:"GET"; http_method; content:"/dd.rar"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.61.248.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837968/; classtype:trojan-activity;sid:83701068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837967)"; flow:established,from_client; content:"GET"; http_method; content:"/svchosc.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"121.61.248.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837967/; classtype:trojan-activity;sid:83701067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837966)"; flow:established,from_client; content:"GET"; http_method; content:"/yungengxin.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"121.61.248.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837966/; classtype:trojan-activity;sid:83701066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837965)"; flow:established,from_client; content:"GET"; http_method; content:"/yileyou.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"121.61.248.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837965/; classtype:trojan-activity;sid:83701065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837964)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.1.244"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837964/; classtype:trojan-activity;sid:83701064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837963)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.251.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837963/; classtype:trojan-activity;sid:83701063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837962)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.89.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837962/; classtype:trojan-activity;sid:83701062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837961)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.203.112.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837961/; classtype:trojan-activity;sid:83701061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837960)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"38.127.95.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837960/; classtype:trojan-activity;sid:83701060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837959)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.48.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837959/; classtype:trojan-activity;sid:83701059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837958)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.199.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837958/; classtype:trojan-activity;sid:83701058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837957)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.91.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837957/; classtype:trojan-activity;sid:83701057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837956)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.129.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837956/; classtype:trojan-activity;sid:83701056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837955)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.250.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837955/; classtype:trojan-activity;sid:83701055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837952)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.153.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837952/; classtype:trojan-activity;sid:83701052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837953)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.219.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837953/; classtype:trojan-activity;sid:83701053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837954)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.192.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837954/; classtype:trojan-activity;sid:83701054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837951)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.86.156.64"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837951/; classtype:trojan-activity;sid:83701051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837950)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.1.244"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837950/; classtype:trojan-activity;sid:83701050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837949)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"38.127.95.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837949/; classtype:trojan-activity;sid:83701049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837948)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.58.215.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837948/; classtype:trojan-activity;sid:83701048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837947)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.225.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837947/; classtype:trojan-activity;sid:83701047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837946)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.37.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837946/; classtype:trojan-activity;sid:83701046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837945)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.47.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837945/; classtype:trojan-activity;sid:83701045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837944)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.93.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837944/; classtype:trojan-activity;sid:83701044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837943)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.42.11.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837943/; classtype:trojan-activity;sid:83701043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837942)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.5.30"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837942/; classtype:trojan-activity;sid:83701042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837941)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.174.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837941/; classtype:trojan-activity;sid:83701041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837940)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.98.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837940/; classtype:trojan-activity;sid:83701040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837939)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.13.243.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837939/; classtype:trojan-activity;sid:83701039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837938)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.251.13.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837938/; classtype:trojan-activity;sid:83701038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837937)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.211.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837937/; classtype:trojan-activity;sid:83701037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837936)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.37.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837936/; classtype:trojan-activity;sid:83701036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837935)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.25.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837935/; classtype:trojan-activity;sid:83701035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837934)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.196.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837934/; classtype:trojan-activity;sid:83701034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837933)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.42.11.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837933/; classtype:trojan-activity;sid:83701033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837932)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.252.162.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837932/; classtype:trojan-activity;sid:83701032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837931)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.200.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837931/; classtype:trojan-activity;sid:83701031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837930)"; flow:established,from_client; content:"GET"; http_method; content:"/carrera/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"176.113.115.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837930/; classtype:trojan-activity;sid:83701030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837929)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.0.158"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837929/; classtype:trojan-activity;sid:83701029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837928)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.162.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837928/; classtype:trojan-activity;sid:83701028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837927)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.25.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837927/; classtype:trojan-activity;sid:83701027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837926)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.207.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837926/; classtype:trojan-activity;sid:83701026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837925)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.210.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837925/; classtype:trojan-activity;sid:83701025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837924)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.117.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837924/; classtype:trojan-activity;sid:83701024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837922)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.150.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837922/; classtype:trojan-activity;sid:83701022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837923)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.228.150.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837923/; classtype:trojan-activity;sid:83701023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837921)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.223.27.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837921/; classtype:trojan-activity;sid:83701021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837919)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.0.158"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837919/; classtype:trojan-activity;sid:83701019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837920)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.4.192"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837920/; classtype:trojan-activity;sid:83701020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837918)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.167.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837918/; classtype:trojan-activity;sid:83701018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837917)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.210.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837917/; classtype:trojan-activity;sid:83701017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837916)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.166.5.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837916/; classtype:trojan-activity;sid:83701016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837915)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.183.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837915/; classtype:trojan-activity;sid:83701015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837914)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.88.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837914/; classtype:trojan-activity;sid:83701014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837913)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.223.27.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837913/; classtype:trojan-activity;sid:83701013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837912)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.214.34.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837912/; classtype:trojan-activity;sid:83701012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837911)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.167.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837911/; classtype:trojan-activity;sid:83701011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837910)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.163.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837910/; classtype:trojan-activity;sid:83701010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837909)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.66.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837909/; classtype:trojan-activity;sid:83701009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837908)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.167.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837908/; classtype:trojan-activity;sid:83701008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837907)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.220.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837907/; classtype:trojan-activity;sid:83701007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837906)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.61.224"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837906/; classtype:trojan-activity;sid:83701006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837904)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.226.51.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837904/; classtype:trojan-activity;sid:83701004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837905)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.210.235.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837905/; classtype:trojan-activity;sid:83701005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837903)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.183.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837903/; classtype:trojan-activity;sid:83701003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837902)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.195.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837902/; classtype:trojan-activity;sid:83701002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837901)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.61.224"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837901/; classtype:trojan-activity;sid:83701001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837900)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.217.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837900/; classtype:trojan-activity;sid:83701000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837899)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.201.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837899/; classtype:trojan-activity;sid:83700999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837898)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.253.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837898/; classtype:trojan-activity;sid:83700998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837897)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.167.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837897/; classtype:trojan-activity;sid:83700997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837896)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.196.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837896/; classtype:trojan-activity;sid:83700996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837895)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.242.167.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837895/; classtype:trojan-activity;sid:83700995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837892)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.121.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837892/; classtype:trojan-activity;sid:83700992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837893)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.5.238"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837893/; classtype:trojan-activity;sid:83700993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837894)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.25.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837894/; classtype:trojan-activity;sid:83700994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837890)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.33.110.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837890/; classtype:trojan-activity;sid:83700990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837891)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.33.45.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837891/; classtype:trojan-activity;sid:83700991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837889)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.142.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837889/; classtype:trojan-activity;sid:83700989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837888)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.99.201.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837888/; classtype:trojan-activity;sid:83700988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837887)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.214.34.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837887/; classtype:trojan-activity;sid:83700987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837886)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.191.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837886/; classtype:trojan-activity;sid:83700986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837885)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.131.202.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837885/; classtype:trojan-activity;sid:83700985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837884)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.152.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837884/; classtype:trojan-activity;sid:83700984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837883)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.79.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837883/; classtype:trojan-activity;sid:83700983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837882)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.226.51.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837882/; classtype:trojan-activity;sid:83700982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837881)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.2.226"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837881/; classtype:trojan-activity;sid:83700981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837880)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.201.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837880/; classtype:trojan-activity;sid:83700980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837879)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.238.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837879/; classtype:trojan-activity;sid:83700979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837878)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"158.255.82.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837878/; classtype:trojan-activity;sid:83700978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837877)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.163.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837877/; classtype:trojan-activity;sid:83700977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837876)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.10.137"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837876/; classtype:trojan-activity;sid:83700976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837875)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.135.247.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837875/; classtype:trojan-activity;sid:83700975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837874)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.174.173.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837874/; classtype:trojan-activity;sid:83700974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837873)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.245.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837873/; classtype:trojan-activity;sid:83700973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837872)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.82.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837872/; classtype:trojan-activity;sid:83700972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837871)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.225.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837871/; classtype:trojan-activity;sid:83700971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837870)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.56.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837870/; classtype:trojan-activity;sid:83700970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837869)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.112.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837869/; classtype:trojan-activity;sid:83700969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837868)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.78.94"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837868/; classtype:trojan-activity;sid:83700968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837867)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.160.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837867/; classtype:trojan-activity;sid:83700967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837866)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.227.57.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837866/; classtype:trojan-activity;sid:83700966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837865)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.20.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837865/; classtype:trojan-activity;sid:83700965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837864)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.254.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837864/; classtype:trojan-activity;sid:83700964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837863)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.98.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837863/; classtype:trojan-activity;sid:83700963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837862)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.135.247.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837862/; classtype:trojan-activity;sid:83700962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837861)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.78.94"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837861/; classtype:trojan-activity;sid:83700961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837859)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.244.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837859/; classtype:trojan-activity;sid:83700959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837860)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.188.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837860/; classtype:trojan-activity;sid:83700960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837857)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.79.188.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837857/; classtype:trojan-activity;sid:83700957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837858)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.235.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837858/; classtype:trojan-activity;sid:83700958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837856)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.78.77.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837856/; classtype:trojan-activity;sid:83700956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837855)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.20.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837855/; classtype:trojan-activity;sid:83700955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837854)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.34.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837854/; classtype:trojan-activity;sid:83700954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837853)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.229.194.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837853/; classtype:trojan-activity;sid:83700953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837852)"; flow:established,from_client; content:"GET"; http_method; content:"/capibara/"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"176.113.115.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837852/; classtype:trojan-activity;sid:83700952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837851)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.192.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837851/; classtype:trojan-activity;sid:83700951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837850)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.244.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837850/; classtype:trojan-activity;sid:83700950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837849)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.184.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837849/; classtype:trojan-activity;sid:83700949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837848)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.189.215.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837848/; classtype:trojan-activity;sid:83700948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837847)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.226.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837847/; classtype:trojan-activity;sid:83700947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837846)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.49.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837846/; classtype:trojan-activity;sid:83700946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837845)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.20.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837845/; classtype:trojan-activity;sid:83700945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837843)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.97.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837843/; classtype:trojan-activity;sid:83700943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837844)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.181.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837844/; classtype:trojan-activity;sid:83700944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837842)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.244.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837842/; classtype:trojan-activity;sid:83700942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837840)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.195.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837840/; classtype:trojan-activity;sid:83700940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837841)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.18.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837841/; classtype:trojan-activity;sid:83700941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837839)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"171.119.199.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837839/; classtype:trojan-activity;sid:83700939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837838)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.192.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837838/; classtype:trojan-activity;sid:83700938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837837)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.195.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837837/; classtype:trojan-activity;sid:83700937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837836)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.3.12"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837836/; classtype:trojan-activity;sid:83700936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837835)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.200.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837835/; classtype:trojan-activity;sid:83700935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837833)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.204.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837833/; classtype:trojan-activity;sid:83700933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837834)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.189.215.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837834/; classtype:trojan-activity;sid:83700934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837832)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.20.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837832/; classtype:trojan-activity;sid:83700932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837831)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.10.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837831/; classtype:trojan-activity;sid:83700931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837830)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.192.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837830/; classtype:trojan-activity;sid:83700930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837828)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.194.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837828/; classtype:trojan-activity;sid:83700928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837829)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.66.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837829/; classtype:trojan-activity;sid:83700929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837827)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.50.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837827/; classtype:trojan-activity;sid:83700927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837826)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.119.199.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837826/; classtype:trojan-activity;sid:83700926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837825)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.181.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837825/; classtype:trojan-activity;sid:83700925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837824)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.200.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837824/; classtype:trojan-activity;sid:83700924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837823)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.9.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837823/; classtype:trojan-activity;sid:83700923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837822)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.94.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837822/; classtype:trojan-activity;sid:83700922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837821)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.245.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837821/; classtype:trojan-activity;sid:83700921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837820)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.235.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837820/; classtype:trojan-activity;sid:83700920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837819)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.3.12"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837819/; classtype:trojan-activity;sid:83700919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837818)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.192.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837818/; classtype:trojan-activity;sid:83700918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837817)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.195.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837817/; classtype:trojan-activity;sid:83700917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837816)"; flow:established,from_client; content:"GET"; http_method; content:"/9999"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"192.207.62.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837816/; classtype:trojan-activity;sid:83700916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837815)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.213.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837815/; classtype:trojan-activity;sid:83700915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837814)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.66.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837814/; classtype:trojan-activity;sid:83700914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837813)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.197.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837813/; classtype:trojan-activity;sid:83700913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837812)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.7.228"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837812/; classtype:trojan-activity;sid:83700912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837811)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.9.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837811/; classtype:trojan-activity;sid:83700911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837810)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.33.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837810/; classtype:trojan-activity;sid:83700910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837809)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.95.129"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837809/; classtype:trojan-activity;sid:83700909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837808)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.92.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837808/; classtype:trojan-activity;sid:83700908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837807)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.203.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837807/; classtype:trojan-activity;sid:83700907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837806)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.178.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837806/; classtype:trojan-activity;sid:83700906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837805)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.243.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837805/; classtype:trojan-activity;sid:83700905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837804)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.239.64.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837804/; classtype:trojan-activity;sid:83700904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837803)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.213.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837803/; classtype:trojan-activity;sid:83700903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837801)"; flow:established,from_client; content:"GET"; http_method; content:"/byfronbypass.html/css/mss/psojnzwt.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"ghuytyh45.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837801/; classtype:trojan-activity;sid:83700901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837802)"; flow:established,from_client; content:"GET"; http_method; content:"/byfronbypass.html/css/mss/stelret.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"ghuytyh45.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837802/; classtype:trojan-activity;sid:83700902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837800)"; flow:established,from_client; content:"GET"; http_method; content:"/byfronbypass.html/css/mss/chwms.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"ghuytyh45.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837800/; classtype:trojan-activity;sid:83700900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837799)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.11.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837799/; classtype:trojan-activity;sid:83700899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837797)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.38.217.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837797/; classtype:trojan-activity;sid:83700897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837798)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.199.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837798/; classtype:trojan-activity;sid:83700898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837796)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.92.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837796/; classtype:trojan-activity;sid:83700896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837795)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.178.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837795/; classtype:trojan-activity;sid:83700895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837794)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.125.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837794/; classtype:trojan-activity;sid:83700894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837793)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.48.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837793/; classtype:trojan-activity;sid:83700893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837791)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.229.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837791/; classtype:trojan-activity;sid:83700891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837792)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.243.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837792/; classtype:trojan-activity;sid:83700892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837790)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.81.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837790/; classtype:trojan-activity;sid:83700890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837789)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.251.173.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837789/; classtype:trojan-activity;sid:83700889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837788)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.80.24"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837788/; classtype:trojan-activity;sid:83700888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837787)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.189.215.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837787/; classtype:trojan-activity;sid:83700887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837783)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.213.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837783/; classtype:trojan-activity;sid:83700883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837784)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.179.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837784/; classtype:trojan-activity;sid:83700884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837785)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.214.8.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837785/; classtype:trojan-activity;sid:83700885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837786)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.229.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837786/; classtype:trojan-activity;sid:83700886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837782)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.132.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837782/; classtype:trojan-activity;sid:83700882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837781)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.252.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837781/; classtype:trojan-activity;sid:83700881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837780)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.205.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837780/; classtype:trojan-activity;sid:83700880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837779)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.142.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837779/; classtype:trojan-activity;sid:83700879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837778)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.205.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837778/; classtype:trojan-activity;sid:83700878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837774)"; flow:established,from_client; content:"GET"; http_method; content:"/armv4l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"93.123.85.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837774/; classtype:trojan-activity;sid:83700874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837775)"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"93.123.85.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837775/; classtype:trojan-activity;sid:83700875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837776)"; flow:established,from_client; content:"GET"; http_method; content:"/armv4tl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.61.185.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837776/; classtype:trojan-activity;sid:83700876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837777)"; flow:established,from_client; content:"GET"; http_method; content:"/mips64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.61.185.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837777/; classtype:trojan-activity;sid:83700877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837770)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"93.123.85.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837770/; classtype:trojan-activity;sid:83700870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837771)"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.123.85.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837771/; classtype:trojan-activity;sid:83700871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837772)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.61.185.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837772/; classtype:trojan-activity;sid:83700872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837773)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.123.85.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837773/; classtype:trojan-activity;sid:83700873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837767)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"93.123.85.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837767/; classtype:trojan-activity;sid:83700867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837768)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.125.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837768/; classtype:trojan-activity;sid:83700868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837769)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.56.206.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837769/; classtype:trojan-activity;sid:83700869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837765)"; flow:established,from_client; content:"GET"; http_method; content:"/armv4eb"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.61.185.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837765/; classtype:trojan-activity;sid:83700865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837766)"; flow:established,from_client; content:"GET"; http_method; content:"/arc700"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.61.185.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837766/; classtype:trojan-activity;sid:83700866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837759)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"93.123.85.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837759/; classtype:trojan-activity;sid:83700859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837760)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.123.85.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837760/; classtype:trojan-activity;sid:83700860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837761)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"93.123.85.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837761/; classtype:trojan-activity;sid:83700861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837762)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.123.85.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837762/; classtype:trojan-activity;sid:83700862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837763)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"93.123.85.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837763/; classtype:trojan-activity;sid:83700863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837764)"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"93.123.85.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837764/; classtype:trojan-activity;sid:83700864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837758)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.216.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837758/; classtype:trojan-activity;sid:83700858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837757)"; flow:established,from_client; content:"GET"; http_method; content:"/t76434567000.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"baitalasma.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837757/; classtype:trojan-activity;sid:83700857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837756)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.205.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837756/; classtype:trojan-activity;sid:83700856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837755)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.177.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837755/; classtype:trojan-activity;sid:83700855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837754)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.220.147.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837754/; classtype:trojan-activity;sid:83700854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837753)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.201.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837753/; classtype:trojan-activity;sid:83700853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837751)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.142.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837751/; classtype:trojan-activity;sid:83700851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837752)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.216.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837752/; classtype:trojan-activity;sid:83700852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837750)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.124.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837750/; classtype:trojan-activity;sid:83700850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837749)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.205.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837749/; classtype:trojan-activity;sid:83700849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837748)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.35.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837748/; classtype:trojan-activity;sid:83700848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837747)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.146.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837747/; classtype:trojan-activity;sid:83700847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837746)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.177.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837746/; classtype:trojan-activity;sid:83700846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837745)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.206.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837745/; classtype:trojan-activity;sid:83700845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837744)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.188.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837744/; classtype:trojan-activity;sid:83700844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837743)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.242.157.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837743/; classtype:trojan-activity;sid:83700843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837742)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.200.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837742/; classtype:trojan-activity;sid:83700842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837741)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/twentytwentytwo/dark.hta"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"linktoxic34.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837741/; classtype:trojan-activity;sid:83700841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837740)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.198.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837740/; classtype:trojan-activity;sid:83700840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837737)"; flow:established,from_client; content:"GET"; http_method; content:"/vkdsoriqv105.bin"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"87.121.105.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837737/; classtype:trojan-activity;sid:83700837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837738)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.51.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837738/; classtype:trojan-activity;sid:83700838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837739)"; flow:established,from_client; content:"GET"; http_method; content:"/oxaluria209.smi"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"87.121.105.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837739/; classtype:trojan-activity;sid:83700839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837736)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.196.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837736/; classtype:trojan-activity;sid:83700836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837735)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.201.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837735/; classtype:trojan-activity;sid:83700835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837734)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.163.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837734/; classtype:trojan-activity;sid:83700834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837733)"; flow:established,from_client; content:"GET"; http_method; content:"/d/pz7nj"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"paste.ee"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837733/; classtype:trojan-activity;sid:83700833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837732)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/ecmz7z04"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837732/; classtype:trojan-activity;sid:83700832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837731)"; flow:established,from_client; content:"GET"; http_method; content:"/byfronbypass.html/css/mss/brukie.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"ghuytyh45.duckdns.org"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837731/; classtype:trojan-activity;sid:83700831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837730)"; flow:established,from_client; content:"GET"; http_method; content:"/nm/xwomay.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"www.evolve27.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837730/; classtype:trojan-activity;sid:83700830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837729)"; flow:established,from_client; content:"GET"; http_method; content:"/nm/hvapril.txt"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.evolve27.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837729/; classtype:trojan-activity;sid:83700829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837727)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.198.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837727/; classtype:trojan-activity;sid:83700827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837728)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.141.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837728/; classtype:trojan-activity;sid:83700828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837726)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/vp3shfzm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837726/; classtype:trojan-activity;sid:83700826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837725)"; flow:established,from_client; content:"GET"; http_method; content:"/eskgbins.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"93.123.85.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837725/; classtype:trojan-activity;sid:83700825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837723)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"38.45.200.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837723/; classtype:trojan-activity;sid:83700823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837724)"; flow:established,from_client; content:"GET"; http_method; content:"/yoyobins.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.61.185.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837724/; classtype:trojan-activity;sid:83700824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837722)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.185.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837722/; classtype:trojan-activity;sid:83700822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837721)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.146.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837721/; classtype:trojan-activity;sid:83700821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837718)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.54.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837718/; classtype:trojan-activity;sid:83700818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837719)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=14bqcncn4lhjm2gfztm2rvem8n7w_fwok"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837719/; classtype:trojan-activity;sid:83700819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837720)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=10m-gy1p-loat1a8cnaeuutobbttqx9wa"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837720/; classtype:trojan-activity;sid:83700820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837717)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.225.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837717/; classtype:trojan-activity;sid:83700817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837716)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.11.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837716/; classtype:trojan-activity;sid:83700816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837715)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.204.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837715/; classtype:trojan-activity;sid:83700815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837714)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.147.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837714/; classtype:trojan-activity;sid:83700814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837713)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.201.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837713/; classtype:trojan-activity;sid:83700813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837712)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.207.240.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837712/; classtype:trojan-activity;sid:83700812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837711)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.229.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837711/; classtype:trojan-activity;sid:83700811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837710)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.51.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837710/; classtype:trojan-activity;sid:83700810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837709)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.25.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837709/; classtype:trojan-activity;sid:83700809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837707)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.50.57.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837707/; classtype:trojan-activity;sid:83700807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837708)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.194.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837708/; classtype:trojan-activity;sid:83700808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837706)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.198.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837706/; classtype:trojan-activity;sid:83700806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837705)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.34.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837705/; classtype:trojan-activity;sid:83700805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837704)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.125.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837704/; classtype:trojan-activity;sid:83700804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837703)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.161.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837703/; classtype:trojan-activity;sid:83700803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837702)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.163.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837702/; classtype:trojan-activity;sid:83700802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837701)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.192.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837701/; classtype:trojan-activity;sid:83700801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837700)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.141.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837700/; classtype:trojan-activity;sid:83700800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837699)"; flow:established,from_client; content:"GET"; http_method; content:"/gr22.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"xn42553358.servegame.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837699/; classtype:trojan-activity;sid:83700799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837698)"; flow:established,from_client; content:"GET"; http_method; content:"/br03.zip"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"158.69.171.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837698/; classtype:trojan-activity;sid:83700798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837697)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"8.217.250.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837697/; classtype:trojan-activity;sid:83700797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837696)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"129.144.180.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837696/; classtype:trojan-activity;sid:83700796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837695)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"168.119.173.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837695/; classtype:trojan-activity;sid:83700795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837694)"; flow:established,from_client; content:"GET"; http_method; content:"/shk"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.14.226.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837694/; classtype:trojan-activity;sid:83700794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837693)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.198.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837693/; classtype:trojan-activity;sid:83700793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837692)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.185.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837692/; classtype:trojan-activity;sid:83700792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837691)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.125.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837691/; classtype:trojan-activity;sid:83700791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837690)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.71.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837690/; classtype:trojan-activity;sid:83700790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837689)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.240.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837689/; classtype:trojan-activity;sid:83700789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837688)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.205.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837688/; classtype:trojan-activity;sid:83700788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837687)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.79.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837687/; classtype:trojan-activity;sid:83700787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837685)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.231.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837685/; classtype:trojan-activity;sid:83700785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837686)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.25.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837686/; classtype:trojan-activity;sid:83700786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837684)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.25.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837684/; classtype:trojan-activity;sid:83700784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837683)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.177.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837683/; classtype:trojan-activity;sid:83700783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837682)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.164.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837682/; classtype:trojan-activity;sid:83700782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837678)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.18.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837678/; classtype:trojan-activity;sid:83700778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837679)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.50.57.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837679/; classtype:trojan-activity;sid:83700779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837680)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.122.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837680/; classtype:trojan-activity;sid:83700780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837681)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.229.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837681/; classtype:trojan-activity;sid:83700781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837677)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.161.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837677/; classtype:trojan-activity;sid:83700777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837676)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.174.238.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837676/; classtype:trojan-activity;sid:83700776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837675)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.254.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837675/; classtype:trojan-activity;sid:83700775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837674)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.251.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837674/; classtype:trojan-activity;sid:83700774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837673)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.229.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837673/; classtype:trojan-activity;sid:83700773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837672)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.40.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837672/; classtype:trojan-activity;sid:83700772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837671)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.58.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837671/; classtype:trojan-activity;sid:83700771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837670)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.60.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837670/; classtype:trojan-activity;sid:83700770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837669)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.122.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837669/; classtype:trojan-activity;sid:83700769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837668)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.61.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837668/; classtype:trojan-activity;sid:83700768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837667)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.200.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837667/; classtype:trojan-activity;sid:83700767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837666)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.196.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837666/; classtype:trojan-activity;sid:83700766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837665)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.66.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837665/; classtype:trojan-activity;sid:83700765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837664)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.211.101.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837664/; classtype:trojan-activity;sid:83700764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837663)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.231.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837663/; classtype:trojan-activity;sid:83700763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837662)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.85.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837662/; classtype:trojan-activity;sid:83700762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837661)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.35.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837661/; classtype:trojan-activity;sid:83700761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837659)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.92.82.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837659/; classtype:trojan-activity;sid:83700759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837660)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.173.137.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837660/; classtype:trojan-activity;sid:83700760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837657)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.178.199.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837657/; classtype:trojan-activity;sid:83700757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837658)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"66.54.98.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837658/; classtype:trojan-activity;sid:83700758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837656)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.159.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837656/; classtype:trojan-activity;sid:83700756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837654)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.177.198.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837654/; classtype:trojan-activity;sid:83700754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837655)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.204.195.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837655/; classtype:trojan-activity;sid:83700755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837651)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.32.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837651/; classtype:trojan-activity;sid:83700751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837652)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.154.35.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837652/; classtype:trojan-activity;sid:83700752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837653)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.239.64.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837653/; classtype:trojan-activity;sid:83700753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837650)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.254.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837650/; classtype:trojan-activity;sid:83700750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837649)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.196.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837649/; classtype:trojan-activity;sid:83700749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837648)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.196.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837648/; classtype:trojan-activity;sid:83700748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837647)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.160.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837647/; classtype:trojan-activity;sid:83700747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837646)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.192.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837646/; classtype:trojan-activity;sid:83700746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837645)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.87.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837645/; classtype:trojan-activity;sid:83700745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837644)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.35.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837644/; classtype:trojan-activity;sid:83700744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837643)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.206.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837643/; classtype:trojan-activity;sid:83700743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837641)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.85.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837641/; classtype:trojan-activity;sid:83700741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837642)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.253.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837642/; classtype:trojan-activity;sid:83700742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837640)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.35.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837640/; classtype:trojan-activity;sid:83700740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837639)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.60.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837639/; classtype:trojan-activity;sid:83700739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837638)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.250.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837638/; classtype:trojan-activity;sid:83700738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837637)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.250.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837637/; classtype:trojan-activity;sid:83700737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837636)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.178.199.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837636/; classtype:trojan-activity;sid:83700736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837635)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.32.10"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837635/; classtype:trojan-activity;sid:83700735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837634)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.159.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837634/; classtype:trojan-activity;sid:83700734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837633)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.183.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837633/; classtype:trojan-activity;sid:83700733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837632)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.203.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837632/; classtype:trojan-activity;sid:83700732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837631)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.179.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837631/; classtype:trojan-activity;sid:83700731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837630)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.175.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837630/; classtype:trojan-activity;sid:83700730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837629)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.149.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837629/; classtype:trojan-activity;sid:83700729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837628)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.53.42.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837628/; classtype:trojan-activity;sid:83700728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837627)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.87.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837627/; classtype:trojan-activity;sid:83700727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837626)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.33.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837626/; classtype:trojan-activity;sid:83700726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837625)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.238.13.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837625/; classtype:trojan-activity;sid:83700725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837624)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.196.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837624/; classtype:trojan-activity;sid:83700724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837623)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.162.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837623/; classtype:trojan-activity;sid:83700723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837622)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.217.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837622/; classtype:trojan-activity;sid:83700722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837620)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.42.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837620/; classtype:trojan-activity;sid:83700720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837621)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.123.175.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837621/; classtype:trojan-activity;sid:83700721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837619)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.27.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837619/; classtype:trojan-activity;sid:83700719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837616)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.187.254.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837616/; classtype:trojan-activity;sid:83700716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837617)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.60.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837617/; classtype:trojan-activity;sid:83700717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837618)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.250.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837618/; classtype:trojan-activity;sid:83700718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837615)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.234.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837615/; classtype:trojan-activity;sid:83700715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837614)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.253.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837614/; classtype:trojan-activity;sid:83700714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837612)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.65.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837612/; classtype:trojan-activity;sid:83700712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837613)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.156.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837613/; classtype:trojan-activity;sid:83700713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837611)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.217.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837611/; classtype:trojan-activity;sid:83700711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837610)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.10.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837610/; classtype:trojan-activity;sid:83700710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837609)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.177.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837609/; classtype:trojan-activity;sid:83700709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837607)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.87.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837607/; classtype:trojan-activity;sid:83700707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837608)"; flow:established,from_client; content:"GET"; http_method; content:"/files/syncq.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"161.35.56.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837608/; classtype:trojan-activity;sid:83700708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837606)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.222.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837606/; classtype:trojan-activity;sid:83700706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837605)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.164.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837605/; classtype:trojan-activity;sid:83700705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837604)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.149.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837604/; classtype:trojan-activity;sid:83700704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837603)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.35.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837603/; classtype:trojan-activity;sid:83700703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837602)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.166.5.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837602/; classtype:trojan-activity;sid:83700702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837601)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.33.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837601/; classtype:trojan-activity;sid:83700701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837600)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.95.129"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837600/; classtype:trojan-activity;sid:83700700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837599)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.253.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837599/; classtype:trojan-activity;sid:83700699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837598)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.200.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837598/; classtype:trojan-activity;sid:83700698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837597)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.27.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837597/; classtype:trojan-activity;sid:83700697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837596)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.13.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837596/; classtype:trojan-activity;sid:83700696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837595)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.197.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837595/; classtype:trojan-activity;sid:83700695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837594)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.105.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837594/; classtype:trojan-activity;sid:83700694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837593)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.166.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837593/; classtype:trojan-activity;sid:83700693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837592)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.10.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837592/; classtype:trojan-activity;sid:83700692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837591)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.164.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837591/; classtype:trojan-activity;sid:83700691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837589)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.77.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837589/; classtype:trojan-activity;sid:83700689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837590)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.250.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837590/; classtype:trojan-activity;sid:83700690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837588)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.57.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837588/; classtype:trojan-activity;sid:83700688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837587)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.238.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837587/; classtype:trojan-activity;sid:83700687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837586)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.226.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837586/; classtype:trojan-activity;sid:83700686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837585)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.193.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837585/; classtype:trojan-activity;sid:83700685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837584)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.193.178.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837584/; classtype:trojan-activity;sid:83700684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837583)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.53.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837583/; classtype:trojan-activity;sid:83700683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837582)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.166.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837582/; classtype:trojan-activity;sid:83700682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837581)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.17.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837581/; classtype:trojan-activity;sid:83700681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837580)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.196.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837580/; classtype:trojan-activity;sid:83700680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837579)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.199.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837579/; classtype:trojan-activity;sid:83700679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837578)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.10.89.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837578/; classtype:trojan-activity;sid:83700678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837577)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.177.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837577/; classtype:trojan-activity;sid:83700677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837576)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.170.49.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837576/; classtype:trojan-activity;sid:83700676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837575)"; flow:established,from_client; content:"GET"; http_method; content:"/z.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"sp-1300355179.cos.ap-shanghai.myqcloud.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837575/; classtype:trojan-activity;sid:83700675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837573)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.57.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837573/; classtype:trojan-activity;sid:83700673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837574)"; flow:established,from_client; content:"GET"; http_method; content:"/lend/ukca.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"193.233.132.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837574/; classtype:trojan-activity;sid:83700674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837572)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.207.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837572/; classtype:trojan-activity;sid:83700672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837571)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.226.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837571/; classtype:trojan-activity;sid:83700671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837570)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.211.222.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837570/; classtype:trojan-activity;sid:83700670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837569)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.81.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837569/; classtype:trojan-activity;sid:83700669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837568)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.239.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837568/; classtype:trojan-activity;sid:83700668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837567)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.149.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837567/; classtype:trojan-activity;sid:83700667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837566)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.188.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837566/; classtype:trojan-activity;sid:83700666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837565)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.100.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837565/; classtype:trojan-activity;sid:83700665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837564)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.77.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837564/; classtype:trojan-activity;sid:83700664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837563)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.199.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837563/; classtype:trojan-activity;sid:83700663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837562)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.170.49.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837562/; classtype:trojan-activity;sid:83700662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837561)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.205.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837561/; classtype:trojan-activity;sid:83700661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837560)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.149.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837560/; classtype:trojan-activity;sid:83700660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837559)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.177.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837559/; classtype:trojan-activity;sid:83700659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837558)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.11.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837558/; classtype:trojan-activity;sid:83700658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837557)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.81.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837557/; classtype:trojan-activity;sid:83700657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837556)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.212.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837556/; classtype:trojan-activity;sid:83700656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837555)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.77.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837555/; classtype:trojan-activity;sid:83700655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837554)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.239.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837554/; classtype:trojan-activity;sid:83700654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837553)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.220.144.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837553/; classtype:trojan-activity;sid:83700653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837552)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.211.56.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837552/; classtype:trojan-activity;sid:83700652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837551)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.40.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837551/; classtype:trojan-activity;sid:83700651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837550)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.118.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837550/; classtype:trojan-activity;sid:83700650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837549)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.13.243.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837549/; classtype:trojan-activity;sid:83700649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837548)"; flow:established,from_client; content:"GET"; http_method; content:"/editcontent"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"bzo.demo.betterbuiltdogs.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837548/; classtype:trojan-activity;sid:83700648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837547)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.188.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837547/; classtype:trojan-activity;sid:83700647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837546)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.0.253.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837546/; classtype:trojan-activity;sid:83700646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837545)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.213.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837545/; classtype:trojan-activity;sid:83700645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837544)"; flow:established,from_client; content:"GET"; http_method; content:"/lend/khxf80t6conphyb.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"193.233.132.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837544/; classtype:trojan-activity;sid:83700644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837543)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.198.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837543/; classtype:trojan-activity;sid:83700643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837541)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.231.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837541/; classtype:trojan-activity;sid:83700641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837542)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.31.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837542/; classtype:trojan-activity;sid:83700642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837540)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.53.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837540/; classtype:trojan-activity;sid:83700640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837539)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.77.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837539/; classtype:trojan-activity;sid:83700639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837538)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.251.4.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837538/; classtype:trojan-activity;sid:83700638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837537)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.60.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837537/; classtype:trojan-activity;sid:83700637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837536)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.167.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837536/; classtype:trojan-activity;sid:83700636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837535)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.180.190.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837535/; classtype:trojan-activity;sid:83700635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837534)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.252.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837534/; classtype:trojan-activity;sid:83700634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837533)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.144.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837533/; classtype:trojan-activity;sid:83700633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837532)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.176.235"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837532/; classtype:trojan-activity;sid:83700632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837531)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.0.253.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837531/; classtype:trojan-activity;sid:83700631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837530)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.193.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837530/; classtype:trojan-activity;sid:83700630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837529)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.212.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837529/; classtype:trojan-activity;sid:83700629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837528)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.167.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837528/; classtype:trojan-activity;sid:83700628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837527)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.41.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837527/; classtype:trojan-activity;sid:83700627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837525)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.249.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837525/; classtype:trojan-activity;sid:83700625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837526)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.205.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837526/; classtype:trojan-activity;sid:83700626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837524)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.60.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837524/; classtype:trojan-activity;sid:83700624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837523)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.102.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837523/; classtype:trojan-activity;sid:83700623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837522)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.199.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837522/; classtype:trojan-activity;sid:83700622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837521)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.252.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837521/; classtype:trojan-activity;sid:83700621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837520)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.7.231.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837520/; classtype:trojan-activity;sid:83700620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837519)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.26.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837519/; classtype:trojan-activity;sid:83700619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837518)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.218.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837518/; classtype:trojan-activity;sid:83700618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837517)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.92.82.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837517/; classtype:trojan-activity;sid:83700617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837516)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.192.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837516/; classtype:trojan-activity;sid:83700616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837515)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.205.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837515/; classtype:trojan-activity;sid:83700615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837513)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.33.9.182"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837513/; classtype:trojan-activity;sid:83700613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837514)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.55.137.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837514/; classtype:trojan-activity;sid:83700614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837512)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.59.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837512/; classtype:trojan-activity;sid:83700612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837511)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.196.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837511/; classtype:trojan-activity;sid:83700611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837509)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.201.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837509/; classtype:trojan-activity;sid:83700609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837510)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.61.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837510/; classtype:trojan-activity;sid:83700610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837508)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"38.127.95.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837508/; classtype:trojan-activity;sid:83700608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837507)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.180.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837507/; classtype:trojan-activity;sid:83700607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837506)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.81.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837506/; classtype:trojan-activity;sid:83700606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837504)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.171.253.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837504/; classtype:trojan-activity;sid:83700604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837505)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.255.20.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837505/; classtype:trojan-activity;sid:83700605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837503)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.85.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837503/; classtype:trojan-activity;sid:83700603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837502)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.156.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837502/; classtype:trojan-activity;sid:83700602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837501)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.10.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837501/; classtype:trojan-activity;sid:83700601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837499)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.42.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837499/; classtype:trojan-activity;sid:83700599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837500)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.244.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837500/; classtype:trojan-activity;sid:83700600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837498)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.227.95.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837498/; classtype:trojan-activity;sid:83700598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837497)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.183.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837497/; classtype:trojan-activity;sid:83700597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837494)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.134.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837494/; classtype:trojan-activity;sid:83700594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837495)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.125.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837495/; classtype:trojan-activity;sid:83700595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837496)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.211.137.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837496/; classtype:trojan-activity;sid:83700596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837493)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.178.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837493/; classtype:trojan-activity;sid:83700593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837492)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.31.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837492/; classtype:trojan-activity;sid:83700592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837491)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.207.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837491/; classtype:trojan-activity;sid:83700591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837490)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.225.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837490/; classtype:trojan-activity;sid:83700590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837489)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.137.133.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837489/; classtype:trojan-activity;sid:83700589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837488)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.25.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837488/; classtype:trojan-activity;sid:83700588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837487)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.85.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837487/; classtype:trojan-activity;sid:83700587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837486)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.10.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837486/; classtype:trojan-activity;sid:83700586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837485)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.134.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837485/; classtype:trojan-activity;sid:83700585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837484)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.156.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837484/; classtype:trojan-activity;sid:83700584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837483)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.240.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837483/; classtype:trojan-activity;sid:83700583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837482)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.155.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837482/; classtype:trojan-activity;sid:83700582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837481)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.27.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837481/; classtype:trojan-activity;sid:83700581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837479)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.38.106.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837479/; classtype:trojan-activity;sid:83700579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837480)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.166.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837480/; classtype:trojan-activity;sid:83700580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837478)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.125.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837478/; classtype:trojan-activity;sid:83700578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837477)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.209.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837477/; classtype:trojan-activity;sid:83700577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837476)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.32.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837476/; classtype:trojan-activity;sid:83700576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837475)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.25.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837475/; classtype:trojan-activity;sid:83700575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837474)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.177.28.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837474/; classtype:trojan-activity;sid:83700574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837473)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.31.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837473/; classtype:trojan-activity;sid:83700573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837472)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.22.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837472/; classtype:trojan-activity;sid:83700572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837471)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.232.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837471/; classtype:trojan-activity;sid:83700571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837470)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.93.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837470/; classtype:trojan-activity;sid:83700570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837469)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.109.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837469/; classtype:trojan-activity;sid:83700569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837468)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.177.28.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837468/; classtype:trojan-activity;sid:83700568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837467)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.129.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837467/; classtype:trojan-activity;sid:83700567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837466)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.183.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837466/; classtype:trojan-activity;sid:83700566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837464)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.7.226.177"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837464/; classtype:trojan-activity;sid:83700564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837465)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.209.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837465/; classtype:trojan-activity;sid:83700565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837463)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.118.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837463/; classtype:trojan-activity;sid:83700563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837462)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.212.98.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837462/; classtype:trojan-activity;sid:83700562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837461)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.38.106"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837461/; classtype:trojan-activity;sid:83700561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837460)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.240.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837460/; classtype:trojan-activity;sid:83700560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837459)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.12.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837459/; classtype:trojan-activity;sid:83700559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837458)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.232.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837458/; classtype:trojan-activity;sid:83700558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837457)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.211.222.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837457/; classtype:trojan-activity;sid:83700557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837456)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.4.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837456/; classtype:trojan-activity;sid:83700556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837455)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.240.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837455/; classtype:trojan-activity;sid:83700555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837454)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.109.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837454/; classtype:trojan-activity;sid:83700554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837453)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.183.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837453/; classtype:trojan-activity;sid:83700553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837452)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.181.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837452/; classtype:trojan-activity;sid:83700552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837451)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.234.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837451/; classtype:trojan-activity;sid:83700551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837450)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.211.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837450/; classtype:trojan-activity;sid:83700550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837449)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.98.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837449/; classtype:trojan-activity;sid:83700549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837448)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.240.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837448/; classtype:trojan-activity;sid:83700548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837447)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.188.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837447/; classtype:trojan-activity;sid:83700547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837446)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.196.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837446/; classtype:trojan-activity;sid:83700546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837445)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.153.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837445/; classtype:trojan-activity;sid:83700545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837444)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.237.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837444/; classtype:trojan-activity;sid:83700544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837443)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.178.148.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837443/; classtype:trojan-activity;sid:83700543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837442)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.242.157.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837442/; classtype:trojan-activity;sid:83700542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837441)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.218.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837441/; classtype:trojan-activity;sid:83700541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837440)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.55.78.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837440/; classtype:trojan-activity;sid:83700540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837439)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.110.15.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837439/; classtype:trojan-activity;sid:83700539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837438)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.204.197.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837438/; classtype:trojan-activity;sid:83700538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837437)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.114.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837437/; classtype:trojan-activity;sid:83700537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837436)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.27.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837436/; classtype:trojan-activity;sid:83700536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837435)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.21.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837435/; classtype:trojan-activity;sid:83700535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837434)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.116.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837434/; classtype:trojan-activity;sid:83700534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837432)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.57.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837432/; classtype:trojan-activity;sid:83700532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837433)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.187.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837433/; classtype:trojan-activity;sid:83700533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837431)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.188.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837431/; classtype:trojan-activity;sid:83700531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837430)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.148.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837430/; classtype:trojan-activity;sid:83700530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837429)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.153.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837429/; classtype:trojan-activity;sid:83700529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837428)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.51.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837428/; classtype:trojan-activity;sid:83700528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837426)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.3.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837426/; classtype:trojan-activity;sid:83700526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837427)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.196.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837427/; classtype:trojan-activity;sid:83700527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837425)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.149.165.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837425/; classtype:trojan-activity;sid:83700525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837424)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.237.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837424/; classtype:trojan-activity;sid:83700524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837423)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.218.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837423/; classtype:trojan-activity;sid:83700523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837422)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.55.78.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837422/; classtype:trojan-activity;sid:83700522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837421)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.43.255"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837421/; classtype:trojan-activity;sid:83700521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837420)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.57.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837420/; classtype:trojan-activity;sid:83700520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837419)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.116.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837419/; classtype:trojan-activity;sid:83700519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837418)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.110.15.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837418/; classtype:trojan-activity;sid:83700518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837417)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.27.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837417/; classtype:trojan-activity;sid:83700517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837416)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.243.157.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837416/; classtype:trojan-activity;sid:83700516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837415)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.21.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837415/; classtype:trojan-activity;sid:83700515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837414)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.90.68.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837414/; classtype:trojan-activity;sid:83700514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837413)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.187.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837413/; classtype:trojan-activity;sid:83700513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837412)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.230.233.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837412/; classtype:trojan-activity;sid:83700512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837411)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.213.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837411/; classtype:trojan-activity;sid:83700511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837409)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.179.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837409/; classtype:trojan-activity;sid:83700509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837410)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.94.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837410/; classtype:trojan-activity;sid:83700510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837408)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.249.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837408/; classtype:trojan-activity;sid:83700508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837407)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.164.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837407/; classtype:trojan-activity;sid:83700507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837406)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.41.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837406/; classtype:trojan-activity;sid:83700506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837405)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.74.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837405/; classtype:trojan-activity;sid:83700505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837404)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.25.200"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837404/; classtype:trojan-activity;sid:83700504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837403)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.216.34.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837403/; classtype:trojan-activity;sid:83700503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837402)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.189.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837402/; classtype:trojan-activity;sid:83700502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837401)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.223.130.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837401/; classtype:trojan-activity;sid:83700501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837400)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.90.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837400/; classtype:trojan-activity;sid:83700500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837399)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.36.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837399/; classtype:trojan-activity;sid:83700499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837398)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.53.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_04; reference:url, urlhaus.abuse.ch/url/2837398/; classtype:trojan-activity;sid:83700498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837397)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.250.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837397/; classtype:trojan-activity;sid:83700497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837396)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.214.8.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837396/; classtype:trojan-activity;sid:83700496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837395)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.239.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837395/; classtype:trojan-activity;sid:83700495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837394)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.2.74"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837394/; classtype:trojan-activity;sid:83700494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837393)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.195.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837393/; classtype:trojan-activity;sid:83700493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837392)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.104.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837392/; classtype:trojan-activity;sid:83700492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837391)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.83.184.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837391/; classtype:trojan-activity;sid:83700491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837390)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.92.144.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837390/; classtype:trojan-activity;sid:83700490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837389)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.179.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837389/; classtype:trojan-activity;sid:83700489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837388)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.94.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837388/; classtype:trojan-activity;sid:83700488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837387)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.164.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837387/; classtype:trojan-activity;sid:83700487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837386)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.25.200"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837386/; classtype:trojan-activity;sid:83700486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837385)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.207.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837385/; classtype:trojan-activity;sid:83700485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837384)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.0.64"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837384/; classtype:trojan-activity;sid:83700484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837383)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.172.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837383/; classtype:trojan-activity;sid:83700483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837382)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.72.96"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837382/; classtype:trojan-activity;sid:83700482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837381)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.198.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837381/; classtype:trojan-activity;sid:83700481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837380)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.113.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837380/; classtype:trojan-activity;sid:83700480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837379)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.90.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837379/; classtype:trojan-activity;sid:83700479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837378)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.220.150.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837378/; classtype:trojan-activity;sid:83700478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837377)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.250.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837377/; classtype:trojan-activity;sid:83700477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837376)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.239.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837376/; classtype:trojan-activity;sid:83700476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837375)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.4.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837375/; classtype:trojan-activity;sid:83700475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837374)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.52.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837374/; classtype:trojan-activity;sid:83700474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837373)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.30.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837373/; classtype:trojan-activity;sid:83700473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837372)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.188.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837372/; classtype:trojan-activity;sid:83700472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837370)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.18.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837370/; classtype:trojan-activity;sid:83700470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837371)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.4.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837371/; classtype:trojan-activity;sid:83700471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837369)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.72.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837369/; classtype:trojan-activity;sid:83700469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837368)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.250.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837368/; classtype:trojan-activity;sid:83700468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837367)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.150.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837367/; classtype:trojan-activity;sid:83700467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837366)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.94.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837366/; classtype:trojan-activity;sid:83700466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837365)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.113.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837365/; classtype:trojan-activity;sid:83700465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837364)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.197.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837364/; classtype:trojan-activity;sid:83700464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837363)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.90.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837363/; classtype:trojan-activity;sid:83700463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837361)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.211.101.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837361/; classtype:trojan-activity;sid:83700461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837362)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.179.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837362/; classtype:trojan-activity;sid:83700462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837360)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.79.234.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837360/; classtype:trojan-activity;sid:83700460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837359)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.80.218"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837359/; classtype:trojan-activity;sid:83700459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837358)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.46.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837358/; classtype:trojan-activity;sid:83700458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837357)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.97.148.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837357/; classtype:trojan-activity;sid:83700457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837356)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.29.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837356/; classtype:trojan-activity;sid:83700456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837355)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.197.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837355/; classtype:trojan-activity;sid:83700455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837354)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"61.83.215.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837354/; classtype:trojan-activity;sid:83700454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837353)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.225.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837353/; classtype:trojan-activity;sid:83700453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837352)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.55.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837352/; classtype:trojan-activity;sid:83700452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837351)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.57.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837351/; classtype:trojan-activity;sid:83700451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837350)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.215.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837350/; classtype:trojan-activity;sid:83700450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837349)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.0.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837349/; classtype:trojan-activity;sid:83700449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837348)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.134.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837348/; classtype:trojan-activity;sid:83700448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837347)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.194.72.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837347/; classtype:trojan-activity;sid:83700447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837346)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.29.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837346/; classtype:trojan-activity;sid:83700446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837345)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.240.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837345/; classtype:trojan-activity;sid:83700445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837344)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.30.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837344/; classtype:trojan-activity;sid:83700444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837343)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.116.155.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837343/; classtype:trojan-activity;sid:83700443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837342)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.194.72.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837342/; classtype:trojan-activity;sid:83700442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837341)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.240.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837341/; classtype:trojan-activity;sid:83700441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837340)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.97.148.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837340/; classtype:trojan-activity;sid:83700440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837339)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.21.226"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837339/; classtype:trojan-activity;sid:83700439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837338)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.202.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837338/; classtype:trojan-activity;sid:83700438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837337)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.251.181.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837337/; classtype:trojan-activity;sid:83700437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837336)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.236.254.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837336/; classtype:trojan-activity;sid:83700436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837335)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.225.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837335/; classtype:trojan-activity;sid:83700435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837334)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.55.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837334/; classtype:trojan-activity;sid:83700434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837333)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.3.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837333/; classtype:trojan-activity;sid:83700433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837332)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.149.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837332/; classtype:trojan-activity;sid:83700432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837331)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.215.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837331/; classtype:trojan-activity;sid:83700431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837329)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.116.155.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837329/; classtype:trojan-activity;sid:83700429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837330)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.134.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837330/; classtype:trojan-activity;sid:83700430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837328)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.203.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837328/; classtype:trojan-activity;sid:83700428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837327)"; flow:established,from_client; content:"GET"; http_method; content:"/img2.jpg"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"a0951248.xsph.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837327/; classtype:trojan-activity;sid:83700427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837326)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.90.147.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837326/; classtype:trojan-activity;sid:83700426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837325)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.18.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837325/; classtype:trojan-activity;sid:83700425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837324)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.183.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837324/; classtype:trojan-activity;sid:83700424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837321)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.197.222.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837321/; classtype:trojan-activity;sid:83700421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837322)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.72.49.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837322/; classtype:trojan-activity;sid:83700422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837323)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.65.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837323/; classtype:trojan-activity;sid:83700423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837320)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.142.55.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837320/; classtype:trojan-activity;sid:83700420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837319)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.90.147.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837319/; classtype:trojan-activity;sid:83700419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837318)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.77.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837318/; classtype:trojan-activity;sid:83700418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837317)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.180.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837317/; classtype:trojan-activity;sid:83700417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837316)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.234.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837316/; classtype:trojan-activity;sid:83700416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837315)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.94.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837315/; classtype:trojan-activity;sid:83700415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837314)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.26.175.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837314/; classtype:trojan-activity;sid:83700414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837313)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.95.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837313/; classtype:trojan-activity;sid:83700413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837312)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.200.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837312/; classtype:trojan-activity;sid:83700412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837311)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.207.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837311/; classtype:trojan-activity;sid:83700411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837310)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.54.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837310/; classtype:trojan-activity;sid:83700410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837309)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.12.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837309/; classtype:trojan-activity;sid:83700409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837308)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.78.30.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837308/; classtype:trojan-activity;sid:83700408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837307)"; flow:established,from_client; content:"GET"; http_method; content:"/whserver.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"1.92.90.232"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837307/; classtype:trojan-activity;sid:83700407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837306)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.9.208"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837306/; classtype:trojan-activity;sid:83700406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837305)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.111.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837305/; classtype:trojan-activity;sid:83700405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837304)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.56.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837304/; classtype:trojan-activity;sid:83700404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837303)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.77.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837303/; classtype:trojan-activity;sid:83700403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837302)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.142.55.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837302/; classtype:trojan-activity;sid:83700402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837301)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.199.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837301/; classtype:trojan-activity;sid:83700401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837300)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.84.159.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837300/; classtype:trojan-activity;sid:83700400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837299)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.201.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837299/; classtype:trojan-activity;sid:83700399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837298)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.158.6.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837298/; classtype:trojan-activity;sid:83700398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837297)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.205.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837297/; classtype:trojan-activity;sid:83700397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837296)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.208.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837296/; classtype:trojan-activity;sid:83700396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837295)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.139.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837295/; classtype:trojan-activity;sid:83700395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837294)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.52.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837294/; classtype:trojan-activity;sid:83700394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837293)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.84.163"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837293/; classtype:trojan-activity;sid:83700393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837292)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.78.30.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837292/; classtype:trojan-activity;sid:83700392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837290)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"156.155.112.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837290/; classtype:trojan-activity;sid:83700390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837291)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.9.208"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837291/; classtype:trojan-activity;sid:83700391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837289)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.95.244"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837289/; classtype:trojan-activity;sid:83700389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837288)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.33.33.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837288/; classtype:trojan-activity;sid:83700388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837287)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.200.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837287/; classtype:trojan-activity;sid:83700387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837286)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.207.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837286/; classtype:trojan-activity;sid:83700386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837285)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.71.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837285/; classtype:trojan-activity;sid:83700385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837284)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.232.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837284/; classtype:trojan-activity;sid:83700384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837283)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.255.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837283/; classtype:trojan-activity;sid:83700383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837282)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.86.71.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837282/; classtype:trojan-activity;sid:83700382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837281)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.196.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837281/; classtype:trojan-activity;sid:83700381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837280)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.214.10.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837280/; classtype:trojan-activity;sid:83700380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837279)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.231.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837279/; classtype:trojan-activity;sid:83700379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837278)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.36.223.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837278/; classtype:trojan-activity;sid:83700378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837277)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.159.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837277/; classtype:trojan-activity;sid:83700377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837276)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.251.165.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837276/; classtype:trojan-activity;sid:83700376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837274)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.190.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837274/; classtype:trojan-activity;sid:83700374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837275)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.233.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837275/; classtype:trojan-activity;sid:83700375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837273)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.204.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837273/; classtype:trojan-activity;sid:83700373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837272)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.139.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837272/; classtype:trojan-activity;sid:83700372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837271)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.64.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837271/; classtype:trojan-activity;sid:83700371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837270)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.208.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837270/; classtype:trojan-activity;sid:83700370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837269)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.84.163"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837269/; classtype:trojan-activity;sid:83700369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837268)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.244.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837268/; classtype:trojan-activity;sid:83700368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837267)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.141.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837267/; classtype:trojan-activity;sid:83700367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837265)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.33.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837265/; classtype:trojan-activity;sid:83700365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837266)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.199.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837266/; classtype:trojan-activity;sid:83700366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837264)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.36.223.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837264/; classtype:trojan-activity;sid:83700364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837263)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.233.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837263/; classtype:trojan-activity;sid:83700363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837262)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.214.10.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837262/; classtype:trojan-activity;sid:83700362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837261)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.64.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837261/; classtype:trojan-activity;sid:83700361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837259)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.242.43.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837259/; classtype:trojan-activity;sid:83700359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837260)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.199.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837260/; classtype:trojan-activity;sid:83700360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837258)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.190.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837258/; classtype:trojan-activity;sid:83700358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837257)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.244.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837257/; classtype:trojan-activity;sid:83700357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837256)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.91.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837256/; classtype:trojan-activity;sid:83700356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837255)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.194.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837255/; classtype:trojan-activity;sid:83700355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837254)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.15.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837254/; classtype:trojan-activity;sid:83700354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837253)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.153.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837253/; classtype:trojan-activity;sid:83700353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837252)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.142.190.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837252/; classtype:trojan-activity;sid:83700352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837251)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.195.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837251/; classtype:trojan-activity;sid:83700351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837250)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.163.252.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837250/; classtype:trojan-activity;sid:83700350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837249)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.118.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837249/; classtype:trojan-activity;sid:83700349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837248)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.82.199"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837248/; classtype:trojan-activity;sid:83700348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837247)"; flow:established,from_client; content:"GET"; http_method; content:"/editcontent"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"npwfg.demo.betterbuiltdogs.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837247/; classtype:trojan-activity;sid:83700347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837246)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.196.255"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837246/; classtype:trojan-activity;sid:83700346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837245)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.234.186.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837245/; classtype:trojan-activity;sid:83700345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837244)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.82.199"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837244/; classtype:trojan-activity;sid:83700344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837241)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.34.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837241/; classtype:trojan-activity;sid:83700341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837242)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.82.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837242/; classtype:trojan-activity;sid:83700342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837243)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.17.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837243/; classtype:trojan-activity;sid:83700343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837240)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.131.122.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837240/; classtype:trojan-activity;sid:83700340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837239)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.62.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837239/; classtype:trojan-activity;sid:83700339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837236)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.172.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837236/; classtype:trojan-activity;sid:83700336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837237)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.252.171.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837237/; classtype:trojan-activity;sid:83700337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837238)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.94.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837238/; classtype:trojan-activity;sid:83700338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837235)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.236.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837235/; classtype:trojan-activity;sid:83700335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837234)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.101.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837234/; classtype:trojan-activity;sid:83700334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837232)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.217.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837232/; classtype:trojan-activity;sid:83700332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837233)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.2.111.125"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837233/; classtype:trojan-activity;sid:83700333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837231)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.149.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837231/; classtype:trojan-activity;sid:83700331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837230)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.118.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837230/; classtype:trojan-activity;sid:83700330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837229)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.234.186.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837229/; classtype:trojan-activity;sid:83700329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837228)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.143.171.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837228/; classtype:trojan-activity;sid:83700328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837227)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"110.182.81.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837227/; classtype:trojan-activity;sid:83700327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837226)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.122.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837226/; classtype:trojan-activity;sid:83700326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837225)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.168.137.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837225/; classtype:trojan-activity;sid:83700325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837224)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.41.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837224/; classtype:trojan-activity;sid:83700324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837223)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.214.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837223/; classtype:trojan-activity;sid:83700323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837222)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"163.142.61.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837222/; classtype:trojan-activity;sid:83700322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837221)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.236.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837221/; classtype:trojan-activity;sid:83700321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837220)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.62.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837220/; classtype:trojan-activity;sid:83700320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837219)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.234.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837219/; classtype:trojan-activity;sid:83700319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837218)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.171.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837218/; classtype:trojan-activity;sid:83700318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837217)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.101.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837217/; classtype:trojan-activity;sid:83700317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837216)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.168.137.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837216/; classtype:trojan-activity;sid:83700316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837215)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"195.158.11.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837215/; classtype:trojan-activity;sid:83700315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837214)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.44.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837214/; classtype:trojan-activity;sid:83700314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837213)"; flow:established,from_client; content:"GET"; http_method; content:"/editcontent"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"net.demo.betterbuiltdogs.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837213/; classtype:trojan-activity;sid:83700313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837212)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.234.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837212/; classtype:trojan-activity;sid:83700312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837211)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.127.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837211/; classtype:trojan-activity;sid:83700311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837210)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.223.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837210/; classtype:trojan-activity;sid:83700310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837209)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.199.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837209/; classtype:trojan-activity;sid:83700309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837208)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.26.46"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837208/; classtype:trojan-activity;sid:83700308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837206)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.171.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837206/; classtype:trojan-activity;sid:83700306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837207)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.64.74.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837207/; classtype:trojan-activity;sid:83700307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837205)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.178.158.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837205/; classtype:trojan-activity;sid:83700305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837203)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.44.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837203/; classtype:trojan-activity;sid:83700303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837204)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.82.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837204/; classtype:trojan-activity;sid:83700304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837202)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.205.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837202/; classtype:trojan-activity;sid:83700302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837201)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.200.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837201/; classtype:trojan-activity;sid:83700301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837200)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.254.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837200/; classtype:trojan-activity;sid:83700300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837199)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.121.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837199/; classtype:trojan-activity;sid:83700299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837198)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.127.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837198/; classtype:trojan-activity;sid:83700298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837197)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.254.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837197/; classtype:trojan-activity;sid:83700297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837196)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.196.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837196/; classtype:trojan-activity;sid:83700296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837193)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.231.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837193/; classtype:trojan-activity;sid:83700293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837194)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.226.38.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837194/; classtype:trojan-activity;sid:83700294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837195)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.44.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837195/; classtype:trojan-activity;sid:83700295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837191)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.234.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837191/; classtype:trojan-activity;sid:83700291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837192)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.175.92.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837192/; classtype:trojan-activity;sid:83700292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837190)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.158.11.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837190/; classtype:trojan-activity;sid:83700290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837189)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.205.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837189/; classtype:trojan-activity;sid:83700289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837188)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.95.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837188/; classtype:trojan-activity;sid:83700288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837187)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.5.53.19"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837187/; classtype:trojan-activity;sid:83700287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837186)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.205.30.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837186/; classtype:trojan-activity;sid:83700286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837185)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.91.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837185/; classtype:trojan-activity;sid:83700285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837184)"; flow:established,from_client; content:"GET"; http_method; content:"/paste-code/bupt"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"wtools.io"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837184/; classtype:trojan-activity;sid:83700284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837183)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.143.36.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837183/; classtype:trojan-activity;sid:83700283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837182)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.106.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837182/; classtype:trojan-activity;sid:83700282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837181)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.200.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837181/; classtype:trojan-activity;sid:83700281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837180)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.197.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837180/; classtype:trojan-activity;sid:83700280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837179)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.10.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837179/; classtype:trojan-activity;sid:83700279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837178)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.145.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837178/; classtype:trojan-activity;sid:83700278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837177)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.32.172.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837177/; classtype:trojan-activity;sid:83700277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837176)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.200.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837176/; classtype:trojan-activity;sid:83700276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837175)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.175.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837175/; classtype:trojan-activity;sid:83700275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837174)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.92.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837174/; classtype:trojan-activity;sid:83700274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837173)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.225.161.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837173/; classtype:trojan-activity;sid:83700273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837172)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.81.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837172/; classtype:trojan-activity;sid:83700272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837171)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.234.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837171/; classtype:trojan-activity;sid:83700271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837170)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.83.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837170/; classtype:trojan-activity;sid:83700270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837169)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.4.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837169/; classtype:trojan-activity;sid:83700269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837168)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.129.242.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837168/; classtype:trojan-activity;sid:83700268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837167)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.33.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837167/; classtype:trojan-activity;sid:83700267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837166)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.254.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837166/; classtype:trojan-activity;sid:83700266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837165)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"195.158.11.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837165/; classtype:trojan-activity;sid:83700265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837163)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.50.186.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837163/; classtype:trojan-activity;sid:83700263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837164)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.183.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837164/; classtype:trojan-activity;sid:83700264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837162)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.5.53.19"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837162/; classtype:trojan-activity;sid:83700262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837161)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.205.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837161/; classtype:trojan-activity;sid:83700261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837160)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.126.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837160/; classtype:trojan-activity;sid:83700260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837159)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.205.30.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837159/; classtype:trojan-activity;sid:83700259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837158)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.145.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837158/; classtype:trojan-activity;sid:83700258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837157)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.143.36.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837157/; classtype:trojan-activity;sid:83700257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837156)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.121.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837156/; classtype:trojan-activity;sid:83700256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837155)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.245.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837155/; classtype:trojan-activity;sid:83700255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837153)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.179.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837153/; classtype:trojan-activity;sid:83700253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837154)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.193.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837154/; classtype:trojan-activity;sid:83700254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837152)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.74.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837152/; classtype:trojan-activity;sid:83700252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837151)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.69.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837151/; classtype:trojan-activity;sid:83700251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837150)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.175.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837150/; classtype:trojan-activity;sid:83700250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837149)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.126.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837149/; classtype:trojan-activity;sid:83700249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837148)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.44.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837148/; classtype:trojan-activity;sid:83700248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837147)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.245.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837147/; classtype:trojan-activity;sid:83700247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837146)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.0.86"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837146/; classtype:trojan-activity;sid:83700246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837145)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.191.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837145/; classtype:trojan-activity;sid:83700245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837144)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.64.68.23"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837144/; classtype:trojan-activity;sid:83700244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837143)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.156.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837143/; classtype:trojan-activity;sid:83700243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837142)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.201.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837142/; classtype:trojan-activity;sid:83700242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837141)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.145.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837141/; classtype:trojan-activity;sid:83700241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837140)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.7.247"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837140/; classtype:trojan-activity;sid:83700240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837139)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.156.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837139/; classtype:trojan-activity;sid:83700239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837138)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.95.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837138/; classtype:trojan-activity;sid:83700238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837137)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.168.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837137/; classtype:trojan-activity;sid:83700237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837136)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.82.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837136/; classtype:trojan-activity;sid:83700236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837135)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.241.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837135/; classtype:trojan-activity;sid:83700235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837134)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.7.247"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837134/; classtype:trojan-activity;sid:83700234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837133)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.236.254.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837133/; classtype:trojan-activity;sid:83700233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837132)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.168.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837132/; classtype:trojan-activity;sid:83700232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837131)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.56.215.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837131/; classtype:trojan-activity;sid:83700231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837130)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.156.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837130/; classtype:trojan-activity;sid:83700230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837129)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.84.86.104"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837129/; classtype:trojan-activity;sid:83700229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837128)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.241.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837128/; classtype:trojan-activity;sid:83700228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837127)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.84.159.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837127/; classtype:trojan-activity;sid:83700227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837126)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.253.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837126/; classtype:trojan-activity;sid:83700226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837125)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.200.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837125/; classtype:trojan-activity;sid:83700225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837124)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.57.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837124/; classtype:trojan-activity;sid:83700224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837123)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.184.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837123/; classtype:trojan-activity;sid:83700223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837122)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.13.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837122/; classtype:trojan-activity;sid:83700222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837121)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"93.84.86.104"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837121/; classtype:trojan-activity;sid:83700221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837120)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.56.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837120/; classtype:trojan-activity;sid:83700220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837119)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.253.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837119/; classtype:trojan-activity;sid:83700219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837118)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.98.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837118/; classtype:trojan-activity;sid:83700218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837117)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.113.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837117/; classtype:trojan-activity;sid:83700217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837116)"; flow:established,from_client; content:"GET"; http_method; content:"/ag_injector_latest.apk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"dl.aginjector.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837116/; classtype:trojan-activity;sid:83700216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837115)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.203.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837115/; classtype:trojan-activity;sid:83700215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837114)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.195.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837114/; classtype:trojan-activity;sid:83700214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837113)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.83.168.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837113/; classtype:trojan-activity;sid:83700213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837112)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.158.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837112/; classtype:trojan-activity;sid:83700212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837110)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.77.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837110/; classtype:trojan-activity;sid:83700210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837111)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.132.181.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837111/; classtype:trojan-activity;sid:83700211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837109)"; flow:established,from_client; content:"GET"; http_method; content:"/ready.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.biancfdaslkljdsfkw.shop"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837109/; classtype:trojan-activity;sid:83700209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837108)"; flow:established,from_client; content:"GET"; http_method; content:"//ready.apk"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"8.210.106.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837108/; classtype:trojan-activity;sid:83700208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837107)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.254.55.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837107/; classtype:trojan-activity;sid:83700207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837106)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.5.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837106/; classtype:trojan-activity;sid:83700206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837105)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.88.118.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837105/; classtype:trojan-activity;sid:83700205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837104)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.207.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837104/; classtype:trojan-activity;sid:83700204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837103)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.74.32.44"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837103/; classtype:trojan-activity;sid:83700203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837102)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.154.185.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837102/; classtype:trojan-activity;sid:83700202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837101)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.88.118.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837101/; classtype:trojan-activity;sid:83700201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837100)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.206.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837100/; classtype:trojan-activity;sid:83700200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837099)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.122.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837099/; classtype:trojan-activity;sid:83700199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837098)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.237.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837098/; classtype:trojan-activity;sid:83700198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837097)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.234.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837097/; classtype:trojan-activity;sid:83700197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837096)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.46.235.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837096/; classtype:trojan-activity;sid:83700196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837095)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.154.154.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837095/; classtype:trojan-activity;sid:83700195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837094)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.240.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837094/; classtype:trojan-activity;sid:83700194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837093)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.241.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837093/; classtype:trojan-activity;sid:83700193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837092)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.246.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837092/; classtype:trojan-activity;sid:83700192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837091)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.232.66.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837091/; classtype:trojan-activity;sid:83700191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837090)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.146.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837090/; classtype:trojan-activity;sid:83700190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837089)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.185.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837089/; classtype:trojan-activity;sid:83700189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837088)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.218.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837088/; classtype:trojan-activity;sid:83700188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837086)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.218.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837086/; classtype:trojan-activity;sid:83700186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837087)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.184.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837087/; classtype:trojan-activity;sid:83700187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837085)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.59.107.8"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837085/; classtype:trojan-activity;sid:83700185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837084)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.243.157.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837084/; classtype:trojan-activity;sid:83700184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837082)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.1.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837082/; classtype:trojan-activity;sid:83700182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837083)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.154.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837083/; classtype:trojan-activity;sid:83700183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837081)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.122.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837081/; classtype:trojan-activity;sid:83700181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837080)"; flow:established,from_client; content:"GET"; http_method; content:"/getfile.php|3f|download=yxbwlxjlbgvhc2utmq==|7c|26|7c|id=63a9f0ea7bb98050796b649e85481845"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"77.105.147.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837080/; classtype:trojan-activity;sid:83700180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837079)"; flow:established,from_client; content:"GET"; http_method; content:"/getfile.php|3f|download=yxbwlxjlbgvhc2utms5hcgs="; http_uri; depth:49; isdataat:!1,relative; nocase; content:"94.156.79.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837079/; classtype:trojan-activity;sid:83700179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837078)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.1.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837078/; classtype:trojan-activity;sid:83700178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837077)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.11.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837077/; classtype:trojan-activity;sid:83700177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837076)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.235.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837076/; classtype:trojan-activity;sid:83700176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837075)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/xp3x3bfmkfyx"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"pasteio.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837075/; classtype:trojan-activity;sid:83700175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837074)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.5.156"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837074/; classtype:trojan-activity;sid:83700174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837073)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.246.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837073/; classtype:trojan-activity;sid:83700173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837072)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.53.154.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837072/; classtype:trojan-activity;sid:83700172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837070)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.184.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837070/; classtype:trojan-activity;sid:83700170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837071)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.247.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837071/; classtype:trojan-activity;sid:83700171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837069)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.95.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837069/; classtype:trojan-activity;sid:83700169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837068)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/xdpoawnndlfp"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"pasteio.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837068/; classtype:trojan-activity;sid:83700168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837067)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.194.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837067/; classtype:trojan-activity;sid:83700167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837066)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.197.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837066/; classtype:trojan-activity;sid:83700166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837065)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.214.200.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837065/; classtype:trojan-activity;sid:83700165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837064)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.241.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837064/; classtype:trojan-activity;sid:83700164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837063)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.114.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837063/; classtype:trojan-activity;sid:83700163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837057)"; flow:established,from_client; content:"GET"; http_method; content:"/teaser.mp4"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.156.68.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837057/; classtype:trojan-activity;sid:83700157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837058)"; flow:established,from_client; content:"GET"; http_method; content:"/tutorial.mp4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"94.156.68.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837058/; classtype:trojan-activity;sid:83700158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837059)"; flow:established,from_client; content:"GET"; http_method; content:"/space.mp4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.68.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837059/; classtype:trojan-activity;sid:83700159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837060)"; flow:established,from_client; content:"GET"; http_method; content:"/t.mp4"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"94.156.68.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837060/; classtype:trojan-activity;sid:83700160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837061)"; flow:established,from_client; content:"GET"; http_method; content:"/playkit.mp4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"94.156.68.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837061/; classtype:trojan-activity;sid:83700161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837062)"; flow:established,from_client; content:"GET"; http_method; content:"/mesho.mp4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.68.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837062/; classtype:trojan-activity;sid:83700162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837056)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.191.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837056/; classtype:trojan-activity;sid:83700156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837055)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.201.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837055/; classtype:trojan-activity;sid:83700155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837054)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.174.238.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837054/; classtype:trojan-activity;sid:83700154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837052)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.50.186.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837052/; classtype:trojan-activity;sid:83700152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837053)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.0.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837053/; classtype:trojan-activity;sid:83700153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837051)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.120.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837051/; classtype:trojan-activity;sid:83700151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837050)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.247.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837050/; classtype:trojan-activity;sid:83700150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837049)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.146.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837049/; classtype:trojan-activity;sid:83700149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837048)"; flow:established,from_client; content:"GET"; http_method; content:"/quwan/4.2.4/ddz_424.apk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ddzandroid-1254106500.cos.ap-shanghai.myqcloud.com"; http_host; depth:50; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837048/; classtype:trojan-activity;sid:83700148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837047)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.114.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837047/; classtype:trojan-activity;sid:83700147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837046)"; flow:established,from_client; content:"GET"; http_method; content:"/speed1.apk"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"8.210.106.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837046/; classtype:trojan-activity;sid:83700146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837045)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.94.199"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837045/; classtype:trojan-activity;sid:83700145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837044)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.214.34.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837044/; classtype:trojan-activity;sid:83700144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837041)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.211.104.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837041/; classtype:trojan-activity;sid:83700141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837042)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.137.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837042/; classtype:trojan-activity;sid:83700142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837043)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.212.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837043/; classtype:trojan-activity;sid:83700143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837040)"; flow:established,from_client; content:"GET"; http_method; content:"/ready.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.93.68.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837040/; classtype:trojan-activity;sid:83700140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837039)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.148.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837039/; classtype:trojan-activity;sid:83700139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837038)"; flow:established,from_client; content:"GET"; http_method; content:"/ready.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"193.222.96.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837038/; classtype:trojan-activity;sid:83700138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837037)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.234.202.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837037/; classtype:trojan-activity;sid:83700137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837036)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.148.210.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837036/; classtype:trojan-activity;sid:83700136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837035)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.131.105.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837035/; classtype:trojan-activity;sid:83700135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837034)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.197.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837034/; classtype:trojan-activity;sid:83700134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837032)"; flow:established,from_client; content:"GET"; http_method; content:"/ready.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.145.22.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837032/; classtype:trojan-activity;sid:83700132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837033)"; flow:established,from_client; content:"GET"; http_method; content:"/ready.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.145.22.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837033/; classtype:trojan-activity;sid:83700133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837031)"; flow:established,from_client; content:"GET"; http_method; content:"/ready.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.57.184.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837031/; classtype:trojan-activity;sid:83700131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837030)"; flow:established,from_client; content:"GET"; http_method; content:"/ready.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.57.184.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837030/; classtype:trojan-activity;sid:83700130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837029)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.94.85.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837029/; classtype:trojan-activity;sid:83700129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837028)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.26.113.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837028/; classtype:trojan-activity;sid:83700128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837027)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.214.34.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837027/; classtype:trojan-activity;sid:83700127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837026)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.194.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837026/; classtype:trojan-activity;sid:83700126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837025)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.94.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837025/; classtype:trojan-activity;sid:83700125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837024)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.205.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837024/; classtype:trojan-activity;sid:83700124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837023)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.66.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837023/; classtype:trojan-activity;sid:83700123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837022)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.133.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837022/; classtype:trojan-activity;sid:83700122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837014)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"204.76.203.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837014/; classtype:trojan-activity;sid:83700114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837015)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"204.76.203.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837015/; classtype:trojan-activity;sid:83700115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837016)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"204.76.203.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837016/; classtype:trojan-activity;sid:83700116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837017)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"204.76.203.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837017/; classtype:trojan-activity;sid:83700117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837018)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"204.76.203.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837018/; classtype:trojan-activity;sid:83700118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837019)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"204.76.203.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837019/; classtype:trojan-activity;sid:83700119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837020)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"204.76.203.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837020/; classtype:trojan-activity;sid:83700120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837021)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"204.76.203.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837021/; classtype:trojan-activity;sid:83700121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837012)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"204.76.203.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837012/; classtype:trojan-activity;sid:83700112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837013)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"204.76.203.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837013/; classtype:trojan-activity;sid:83700113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837011)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.86.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837011/; classtype:trojan-activity;sid:83700111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837009)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.3.243"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837009/; classtype:trojan-activity;sid:83700109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837010)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.94.85.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837010/; classtype:trojan-activity;sid:83700110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837008)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.134.173.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837008/; classtype:trojan-activity;sid:83700108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837007)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.58.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837007/; classtype:trojan-activity;sid:83700107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837006)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.197.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837006/; classtype:trojan-activity;sid:83700106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837005)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.247.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837005/; classtype:trojan-activity;sid:83700105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837004)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.91.95"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837004/; classtype:trojan-activity;sid:83700104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837003)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.164.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837003/; classtype:trojan-activity;sid:83700103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837002)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.143.171.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837002/; classtype:trojan-activity;sid:83700102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837001)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.105.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837001/; classtype:trojan-activity;sid:83700101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2837000)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.67.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2837000/; classtype:trojan-activity;sid:83700100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836999)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.203.27.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836999/; classtype:trojan-activity;sid:83700099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836998)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.88.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836998/; classtype:trojan-activity;sid:83700098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836997)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.196.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836997/; classtype:trojan-activity;sid:83700097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836995)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.48.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836995/; classtype:trojan-activity;sid:83700095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836996)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.133.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836996/; classtype:trojan-activity;sid:83700096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836994)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.141.11.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836994/; classtype:trojan-activity;sid:83700094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836993)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.66.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836993/; classtype:trojan-activity;sid:83700093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836992)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.58.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836992/; classtype:trojan-activity;sid:83700092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836991)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.125.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836991/; classtype:trojan-activity;sid:83700091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836990)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.52.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836990/; classtype:trojan-activity;sid:83700090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836989)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"195.158.6.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836989/; classtype:trojan-activity;sid:83700089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836988)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.9.7"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836988/; classtype:trojan-activity;sid:83700088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836987)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.7.118"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836987/; classtype:trojan-activity;sid:83700087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836986)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.90.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836986/; classtype:trojan-activity;sid:83700086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836985)"; flow:established,from_client; content:"GET"; http_method; content:"/doc5294803_669223850|3f|hash=2zmkdtitdyutko2nigmrkmidog493uvfxuvz0lglfo4|7c|26|7c|dl=z4zczsbhas1vbwn6mw2ymh3st3mtc9wuydmowzfqm8h|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836985/; classtype:trojan-activity;sid:83700085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836984)"; flow:established,from_client; content:"GET"; http_method; content:"/youhaveonefile.txt"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"172.245.123.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836984/; classtype:trojan-activity;sid:83700084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836980)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.211.101.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836980/; classtype:trojan-activity;sid:83700080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836981)"; flow:established,from_client; content:"GET"; http_method; content:"/webeautifultogetitbackwithentirethingstogetinbacktogetbeautifulthingsinhandwithalotofthings___beautifulgirlsheisentirethingstogetitbacktogetinher.doc"; http_uri; depth:150; isdataat:!1,relative; nocase; content:"172.245.123.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836981/; classtype:trojan-activity;sid:83700081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836982)"; flow:established,from_client; content:"GET"; http_method; content:"/youhaveonefilefortody.vbs"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"172.245.123.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836982/; classtype:trojan-activity;sid:83700082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836983)"; flow:established,from_client; content:"GET"; http_method; content:"/d/0krpn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"paste.ee"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836983/; classtype:trojan-activity;sid:83700083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836979)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.196.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836979/; classtype:trojan-activity;sid:83700079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836978)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.210.235.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836978/; classtype:trojan-activity;sid:83700078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836977)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.18.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836977/; classtype:trojan-activity;sid:83700077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836976)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.147.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836976/; classtype:trojan-activity;sid:83700076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836975)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.116.206.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836975/; classtype:trojan-activity;sid:83700075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836974)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.9.7"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836974/; classtype:trojan-activity;sid:83700074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836973)"; flow:established,from_client; content:"GET"; http_method; content:"/lend/master.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"193.233.132.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836973/; classtype:trojan-activity;sid:83700073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836972)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.149.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836972/; classtype:trojan-activity;sid:83700072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836971)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.125.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836971/; classtype:trojan-activity;sid:83700071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836970)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.226.105.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836970/; classtype:trojan-activity;sid:83700070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836969)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.199.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836969/; classtype:trojan-activity;sid:83700069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836968)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.238.83.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836968/; classtype:trojan-activity;sid:83700068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836967)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.196.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836967/; classtype:trojan-activity;sid:83700067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836966)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.93.58"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836966/; classtype:trojan-activity;sid:83700066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836965)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.98.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836965/; classtype:trojan-activity;sid:83700065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836964)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.135.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836964/; classtype:trojan-activity;sid:83700064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836963)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.216.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836963/; classtype:trojan-activity;sid:83700063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836962)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.249.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836962/; classtype:trojan-activity;sid:83700062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836961)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.11.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836961/; classtype:trojan-activity;sid:83700061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836960)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.112.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836960/; classtype:trojan-activity;sid:83700060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836959)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.61.93.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836959/; classtype:trojan-activity;sid:83700059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836958)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.149.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836958/; classtype:trojan-activity;sid:83700058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836957)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.91.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836957/; classtype:trojan-activity;sid:83700057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836956)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.226.105.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836956/; classtype:trojan-activity;sid:83700056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836955)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.48.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836955/; classtype:trojan-activity;sid:83700055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836953)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.180.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836953/; classtype:trojan-activity;sid:83700053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836954)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.157.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836954/; classtype:trojan-activity;sid:83700054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836952)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.253.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836952/; classtype:trojan-activity;sid:83700052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836951)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.167.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836951/; classtype:trojan-activity;sid:83700051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836950)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.189.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836950/; classtype:trojan-activity;sid:83700050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836949)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.241.255"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836949/; classtype:trojan-activity;sid:83700049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836948)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.242.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836948/; classtype:trojan-activity;sid:83700048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836947)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.222.237.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836947/; classtype:trojan-activity;sid:83700047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836946)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.252.172.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836946/; classtype:trojan-activity;sid:83700046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836945)"; flow:established,from_client; content:"GET"; http_method; content:"/doc5294803_669220424|3f|hash=mv8znmaze5xs9z9jcxfauvp7kt1jf6udi3gixd1jkew|7c|26|7c|dl=lbgsjpqqdrudbukszifmfzwfthtx5dsrxub1xauspvk|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836945/; classtype:trojan-activity;sid:83700045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836944)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.27.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836944/; classtype:trojan-activity;sid:83700044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836943)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.72.96"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836943/; classtype:trojan-activity;sid:83700043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836942)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.93.58"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836942/; classtype:trojan-activity;sid:83700042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836941)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.197.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836941/; classtype:trojan-activity;sid:83700041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836940)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.5.254.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836940/; classtype:trojan-activity;sid:83700040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836939)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.59.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836939/; classtype:trojan-activity;sid:83700039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836938)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.115.183.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836938/; classtype:trojan-activity;sid:83700038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836937)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.182.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836937/; classtype:trojan-activity;sid:83700037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836936)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.139.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836936/; classtype:trojan-activity;sid:83700036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836934)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.47.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836934/; classtype:trojan-activity;sid:83700034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836935)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.159.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836935/; classtype:trojan-activity;sid:83700035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836933)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.187.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836933/; classtype:trojan-activity;sid:83700033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836932)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.206.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836932/; classtype:trojan-activity;sid:83700032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836931)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.229.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836931/; classtype:trojan-activity;sid:83700031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836930)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.135.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836930/; classtype:trojan-activity;sid:83700030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836929)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.85.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836929/; classtype:trojan-activity;sid:83700029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836928)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.198.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836928/; classtype:trojan-activity;sid:83700028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836927)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.172.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836927/; classtype:trojan-activity;sid:83700027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836926)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.217.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836926/; classtype:trojan-activity;sid:83700026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836925)"; flow:established,from_client; content:"GET"; http_method; content:"/doc5294803_669220450|3f|hash=sqkwzihsaokmwfjysvalkt4swexdz0reglplpzytdol|7c|26|7c|dl=zvwyhcru5hk9zqxo8mqduvg6y0whzondtbai0qjvzyo|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836925/; classtype:trojan-activity;sid:83700025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836924)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.181.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836924/; classtype:trojan-activity;sid:83700024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836923)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.56.230"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836923/; classtype:trojan-activity;sid:83700023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836922)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.228.199.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836922/; classtype:trojan-activity;sid:83700022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836921)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.199.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836921/; classtype:trojan-activity;sid:83700021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836920)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.203.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836920/; classtype:trojan-activity;sid:83700020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836919)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.142.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836919/; classtype:trojan-activity;sid:83700019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836917)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.124.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836917/; classtype:trojan-activity;sid:83700017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836918)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.179.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836918/; classtype:trojan-activity;sid:83700018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836916)"; flow:established,from_client; content:"GET"; http_method; content:"/4444.elf"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"3.131.30.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836916/; classtype:trojan-activity;sid:83700016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836915)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.224.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836915/; classtype:trojan-activity;sid:83700015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836914)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.159.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836914/; classtype:trojan-activity;sid:83700014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836913)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.115.183.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836913/; classtype:trojan-activity;sid:83700013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836912)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.13.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836912/; classtype:trojan-activity;sid:83700012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836911)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.246.223.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836911/; classtype:trojan-activity;sid:83700011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836910)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.59.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836910/; classtype:trojan-activity;sid:83700010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836909)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.175.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836909/; classtype:trojan-activity;sid:83700009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836908)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.3.243"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836908/; classtype:trojan-activity;sid:83700008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836907)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.134.173.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836907/; classtype:trojan-activity;sid:83700007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836906)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.202.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836906/; classtype:trojan-activity;sid:83700006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836905)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.124.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836905/; classtype:trojan-activity;sid:83700005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836904)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.2.28.7"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836904/; classtype:trojan-activity;sid:83700004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836903)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.224.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836903/; classtype:trojan-activity;sid:83700003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836902)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.233.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836902/; classtype:trojan-activity;sid:83700002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836901)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.226.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836901/; classtype:trojan-activity;sid:83700001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836900)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.77.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836900/; classtype:trojan-activity;sid:83700000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836899)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.235.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836899/; classtype:trojan-activity;sid:83699999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836898)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.142.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836898/; classtype:trojan-activity;sid:83699998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836897)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.1.225.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836897/; classtype:trojan-activity;sid:83699997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836896)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.201.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836896/; classtype:trojan-activity;sid:83699996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836895)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.222.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836895/; classtype:trojan-activity;sid:83699995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836894)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.175.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836894/; classtype:trojan-activity;sid:83699994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836893)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.233.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836893/; classtype:trojan-activity;sid:83699993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836892)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.205.218.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836892/; classtype:trojan-activity;sid:83699992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836891)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.122.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836891/; classtype:trojan-activity;sid:83699991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836890)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.1.225.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836890/; classtype:trojan-activity;sid:83699990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836889)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.81.242.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836889/; classtype:trojan-activity;sid:83699989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836879)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.81.242.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836879/; classtype:trojan-activity;sid:83699979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836880)"; flow:established,from_client; content:"GET"; http_method; content:"/jaws"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.81.242.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836880/; classtype:trojan-activity;sid:83699980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836881)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.81.242.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836881/; classtype:trojan-activity;sid:83699981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836882)"; flow:established,from_client; content:"GET"; http_method; content:"/k.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.81.242.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836882/; classtype:trojan-activity;sid:83699982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836883)"; flow:established,from_client; content:"GET"; http_method; content:"/weed"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.81.242.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836883/; classtype:trojan-activity;sid:83699983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836884)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.81.242.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836884/; classtype:trojan-activity;sid:83699984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836885)"; flow:established,from_client; content:"GET"; http_method; content:"/linksys"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.81.242.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836885/; classtype:trojan-activity;sid:83699985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836886)"; flow:established,from_client; content:"GET"; http_method; content:"/z.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.81.242.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836886/; classtype:trojan-activity;sid:83699986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836887)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.81.242.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836887/; classtype:trojan-activity;sid:83699987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836888)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.81.242.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836888/; classtype:trojan-activity;sid:83699988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836878)"; flow:established,from_client; content:"GET"; http_method; content:"/av.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.81.242.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836878/; classtype:trojan-activity;sid:83699978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836877)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.39.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836877/; classtype:trojan-activity;sid:83699977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836876)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.131.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836876/; classtype:trojan-activity;sid:83699976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836875)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.85.127.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836875/; classtype:trojan-activity;sid:83699975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836874)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.212.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836874/; classtype:trojan-activity;sid:83699974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836873)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.195.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836873/; classtype:trojan-activity;sid:83699973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836872)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.60.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836872/; classtype:trojan-activity;sid:83699972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836871)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.36.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836871/; classtype:trojan-activity;sid:83699971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836870)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.106.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836870/; classtype:trojan-activity;sid:83699970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836869)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.201.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836869/; classtype:trojan-activity;sid:83699969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836867)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.222.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836867/; classtype:trojan-activity;sid:83699967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836868)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.48.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836868/; classtype:trojan-activity;sid:83699968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836866)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.229.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836866/; classtype:trojan-activity;sid:83699966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836865)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.177.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836865/; classtype:trojan-activity;sid:83699965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836864)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.146.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836864/; classtype:trojan-activity;sid:83699964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836863)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.201.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836863/; classtype:trojan-activity;sid:83699963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836862)"; flow:established,from_client; content:"GET"; http_method; content:"/build.s.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"43.156.240.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836862/; classtype:trojan-activity;sid:83699962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836861)"; flow:established,from_client; content:"GET"; http_method; content:"/build.s.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"209.58.169.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836861/; classtype:trojan-activity;sid:83699961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836853)"; flow:established,from_client; content:"GET"; http_method; content:"/build.s.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"54.237.80.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836853/; classtype:trojan-activity;sid:83699953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836854)"; flow:established,from_client; content:"GET"; http_method; content:"/build.s.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.146.202.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836854/; classtype:trojan-activity;sid:83699954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836855)"; flow:established,from_client; content:"GET"; http_method; content:"/build.s.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.79.237.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836855/; classtype:trojan-activity;sid:83699955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836856)"; flow:established,from_client; content:"GET"; http_method; content:"/build.s.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"18.139.227.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836856/; classtype:trojan-activity;sid:83699956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836857)"; flow:established,from_client; content:"GET"; http_method; content:"/build.s.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"144.91.106.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836857/; classtype:trojan-activity;sid:83699957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836858)"; flow:established,from_client; content:"GET"; http_method; content:"/build.s.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"128.199.111.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836858/; classtype:trojan-activity;sid:83699958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836859)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.240.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836859/; classtype:trojan-activity;sid:83699959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836860)"; flow:established,from_client; content:"GET"; http_method; content:"/build.s.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"172.104.238.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836860/; classtype:trojan-activity;sid:83699960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836841)"; flow:established,from_client; content:"GET"; http_method; content:"/build.s.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"212.227.241.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836841/; classtype:trojan-activity;sid:83699941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836842)"; flow:established,from_client; content:"GET"; http_method; content:"/build.s.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.17.144.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836842/; classtype:trojan-activity;sid:83699942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836843)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.39.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836843/; classtype:trojan-activity;sid:83699943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836844)"; flow:established,from_client; content:"GET"; http_method; content:"/build.s.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"195.211.101.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836844/; classtype:trojan-activity;sid:83699944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836845)"; flow:established,from_client; content:"GET"; http_method; content:"/build.s.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"161.97.102.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836845/; classtype:trojan-activity;sid:83699945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836846)"; flow:established,from_client; content:"GET"; http_method; content:"/build.s.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.208.172.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836846/; classtype:trojan-activity;sid:83699946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836847)"; flow:established,from_client; content:"GET"; http_method; content:"/build.s.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"43.204.230.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836847/; classtype:trojan-activity;sid:83699947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836848)"; flow:established,from_client; content:"GET"; http_method; content:"/build.s.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"161.35.56.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836848/; classtype:trojan-activity;sid:83699948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836849)"; flow:established,from_client; content:"GET"; http_method; content:"/build.s.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"200.54.37.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836849/; classtype:trojan-activity;sid:83699949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836850)"; flow:established,from_client; content:"GET"; http_method; content:"/build.s.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"161.97.152.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836850/; classtype:trojan-activity;sid:83699950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836851)"; flow:established,from_client; content:"GET"; http_method; content:"/build.s.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"54.200.196.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836851/; classtype:trojan-activity;sid:83699951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836852)"; flow:established,from_client; content:"GET"; http_method; content:"/build.s.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"65.108.61.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836852/; classtype:trojan-activity;sid:83699952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836839)"; flow:established,from_client; content:"GET"; http_method; content:"/build.s.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"54.37.139.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836839/; classtype:trojan-activity;sid:83699939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836840)"; flow:established,from_client; content:"GET"; http_method; content:"/build.s.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"141.144.230.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836840/; classtype:trojan-activity;sid:83699940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836835)"; flow:established,from_client; content:"GET"; http_method; content:"/build.s.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"82.176.77.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836835/; classtype:trojan-activity;sid:83699935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836837)"; flow:established,from_client; content:"GET"; http_method; content:"/build.s.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"20.15.225.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836837/; classtype:trojan-activity;sid:83699937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836838)"; flow:established,from_client; content:"GET"; http_method; content:"/build.s.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"54.255.204.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836838/; classtype:trojan-activity;sid:83699938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836833)"; flow:established,from_client; content:"GET"; http_method; content:"/build.s.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"188.166.160.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836833/; classtype:trojan-activity;sid:83699933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836834)"; flow:established,from_client; content:"GET"; http_method; content:"/build.s.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"157.245.23.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836834/; classtype:trojan-activity;sid:83699934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836828)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.81.242.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836828/; classtype:trojan-activity;sid:83699928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836829)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.81.242.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836829/; classtype:trojan-activity;sid:83699929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836830)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.81.242.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836830/; classtype:trojan-activity;sid:83699930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836831)"; flow:established,from_client; content:"GET"; http_method; content:"/build.s.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"138.68.144.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836831/; classtype:trojan-activity;sid:83699931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836832)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.81.242.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836832/; classtype:trojan-activity;sid:83699932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836814)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.212.124.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836814/; classtype:trojan-activity;sid:83699914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836797)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.85.127.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836797/; classtype:trojan-activity;sid:83699897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836796)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.36.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836796/; classtype:trojan-activity;sid:83699896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836795)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.194.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836795/; classtype:trojan-activity;sid:83699895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836794)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/2fts3/raw/main/bots_mips"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836794/; classtype:trojan-activity;sid:83699894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836793)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.151.226.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836793/; classtype:trojan-activity;sid:83699893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836792)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"24.155.118.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836792/; classtype:trojan-activity;sid:83699892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836791)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.193.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836791/; classtype:trojan-activity;sid:83699891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836790)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.229.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836790/; classtype:trojan-activity;sid:83699890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836789)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.146.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836789/; classtype:trojan-activity;sid:83699889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836788)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.132.76.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836788/; classtype:trojan-activity;sid:83699888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836787)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kelly.sh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"94.156.71.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836787/; classtype:trojan-activity;sid:83699887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836780)"; flow:established,from_client; content:"GET"; http_method; content:"/kelly.arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.156.71.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836780/; classtype:trojan-activity;sid:83699880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836781)"; flow:established,from_client; content:"GET"; http_method; content:"/kelly.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.156.71.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836781/; classtype:trojan-activity;sid:83699881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836782)"; flow:established,from_client; content:"GET"; http_method; content:"/kelly.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.71.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836782/; classtype:trojan-activity;sid:83699882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836783)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kelly.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"94.156.71.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836783/; classtype:trojan-activity;sid:83699883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836784)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kelly.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"94.156.71.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836784/; classtype:trojan-activity;sid:83699884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836785)"; flow:established,from_client; content:"GET"; http_method; content:"/kelly.arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.156.71.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836785/; classtype:trojan-activity;sid:83699885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836786)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kelly.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"94.156.71.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836786/; classtype:trojan-activity;sid:83699886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836776)"; flow:established,from_client; content:"GET"; http_method; content:"/kelly.spc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.71.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836776/; classtype:trojan-activity;sid:83699876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836777)"; flow:established,from_client; content:"GET"; http_method; content:"/kelly.arm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.71.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836777/; classtype:trojan-activity;sid:83699877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836778)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kelly.spc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"94.156.71.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836778/; classtype:trojan-activity;sid:83699878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836779)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kelly.arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"94.156.71.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836779/; classtype:trojan-activity;sid:83699879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836771)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kelly.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"94.156.71.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836771/; classtype:trojan-activity;sid:83699871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836772)"; flow:established,from_client; content:"GET"; http_method; content:"/kelly.m68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.156.71.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836772/; classtype:trojan-activity;sid:83699872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836773)"; flow:established,from_client; content:"GET"; http_method; content:"/kelly.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.156.71.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836773/; classtype:trojan-activity;sid:83699873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836774)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kelly.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"94.156.71.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836774/; classtype:trojan-activity;sid:83699874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836775)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kelly.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"94.156.71.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836775/; classtype:trojan-activity;sid:83699875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836766)"; flow:established,from_client; content:"GET"; http_method; content:"/kelly.ppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.71.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836766/; classtype:trojan-activity;sid:83699866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836767)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.156.71.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836767/; classtype:trojan-activity;sid:83699867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836768)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kelly.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"94.156.71.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836768/; classtype:trojan-activity;sid:83699868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836769)"; flow:established,from_client; content:"GET"; http_method; content:"/kelly.sh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.71.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836769/; classtype:trojan-activity;sid:83699869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836770)"; flow:established,from_client; content:"GET"; http_method; content:"/kelly.mpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.156.71.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836770/; classtype:trojan-activity;sid:83699870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836765)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.231.242.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836765/; classtype:trojan-activity;sid:83699865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836764)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.184.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836764/; classtype:trojan-activity;sid:83699864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836762)"; flow:established,from_client; content:"GET"; http_method; content:"/d/tvyrs"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"paste.ee"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836762/; classtype:trojan-activity;sid:83699862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836763)"; flow:established,from_client; content:"GET"; http_method; content:"/newrpdstuffffff.txt"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"192.3.101.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836763/; classtype:trojan-activity;sid:83699863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836761)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.210.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836761/; classtype:trojan-activity;sid:83699861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836760)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.191.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836760/; classtype:trojan-activity;sid:83699860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836757)"; flow:established,from_client; content:"GET"; http_method; content:"/hotstuffnewrdp.vbs"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"192.3.101.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836757/; classtype:trojan-activity;sid:83699857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836758)"; flow:established,from_client; content:"GET"; http_method; content:"/wewanthowthemagicalwordshappeningeverywheretogetmebackwithgoodthingstounderstandtogetmeback___beautifulgirlcallingmefortea.doc"; http_uri; depth:127; isdataat:!1,relative; nocase; content:"192.3.101.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836758/; classtype:trojan-activity;sid:83699858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836759)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.16.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836759/; classtype:trojan-activity;sid:83699859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836756)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.186.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836756/; classtype:trojan-activity;sid:83699856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836754)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.225.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836754/; classtype:trojan-activity;sid:83699854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836755)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.175.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836755/; classtype:trojan-activity;sid:83699855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836751)"; flow:established,from_client; content:"GET"; http_method; content:"/sylvester.dwp"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"87.121.105.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836751/; classtype:trojan-activity;sid:83699851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836752)"; flow:established,from_client; content:"GET"; http_method; content:"/terminaljob.toc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"87.121.105.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836752/; classtype:trojan-activity;sid:83699852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836753)"; flow:established,from_client; content:"GET"; http_method; content:"/breastweed.lpk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"87.121.105.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836753/; classtype:trojan-activity;sid:83699853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836749)"; flow:established,from_client; content:"GET"; http_method; content:"/xjwsmgxxj86.bin"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"87.121.105.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836749/; classtype:trojan-activity;sid:83699849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836750)"; flow:established,from_client; content:"GET"; http_method; content:"/pitaobi.bin"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"94.156.79.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836750/; classtype:trojan-activity;sid:83699850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836748)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.251.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836748/; classtype:trojan-activity;sid:83699848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836747)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.54.68.187"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836747/; classtype:trojan-activity;sid:83699847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836746)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.3.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836746/; classtype:trojan-activity;sid:83699846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836745)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.55.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836745/; classtype:trojan-activity;sid:83699845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836742)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.183.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836742/; classtype:trojan-activity;sid:83699842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836743)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"24.155.118.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836743/; classtype:trojan-activity;sid:83699843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836744)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.209.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836744/; classtype:trojan-activity;sid:83699844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836741)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.82.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836741/; classtype:trojan-activity;sid:83699841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836740)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.231.242.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836740/; classtype:trojan-activity;sid:83699840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836739)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.186.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836739/; classtype:trojan-activity;sid:83699839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836737)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.184.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836737/; classtype:trojan-activity;sid:83699837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836738)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.71.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836738/; classtype:trojan-activity;sid:83699838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836736)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.132.76.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836736/; classtype:trojan-activity;sid:83699836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836735)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.152.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836735/; classtype:trojan-activity;sid:83699835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836734)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.183.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836734/; classtype:trojan-activity;sid:83699834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836733)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.91.95"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836733/; classtype:trojan-activity;sid:83699833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836732)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.185.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836732/; classtype:trojan-activity;sid:83699832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836731)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.66.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836731/; classtype:trojan-activity;sid:83699831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836730)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.58.188.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836730/; classtype:trojan-activity;sid:83699830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836729)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.111.131.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836729/; classtype:trojan-activity;sid:83699829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836728)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.68.187"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836728/; classtype:trojan-activity;sid:83699828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836727)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.42.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836727/; classtype:trojan-activity;sid:83699827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836726)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.91.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836726/; classtype:trojan-activity;sid:83699826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836725)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.55.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836725/; classtype:trojan-activity;sid:83699825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836724)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.196.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836724/; classtype:trojan-activity;sid:83699824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836723)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.202.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836723/; classtype:trojan-activity;sid:83699823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836722)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.180.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836722/; classtype:trojan-activity;sid:83699822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836721)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.91.61.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836721/; classtype:trojan-activity;sid:83699821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836720)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.251.13.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836720/; classtype:trojan-activity;sid:83699820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836719)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.149.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836719/; classtype:trojan-activity;sid:83699819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836718)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.90.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836718/; classtype:trojan-activity;sid:83699818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836717)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.152.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836717/; classtype:trojan-activity;sid:83699817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836716)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.58.188.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836716/; classtype:trojan-activity;sid:83699816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836715)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.188.112.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836715/; classtype:trojan-activity;sid:83699815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836714)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.42.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836714/; classtype:trojan-activity;sid:83699814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836713)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.190.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836713/; classtype:trojan-activity;sid:83699813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836712)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.193.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836712/; classtype:trojan-activity;sid:83699812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836711)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.173.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836711/; classtype:trojan-activity;sid:83699811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836710)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.207.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836710/; classtype:trojan-activity;sid:83699810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836708)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.31.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836708/; classtype:trojan-activity;sid:83699808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836709)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.18.227.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836709/; classtype:trojan-activity;sid:83699809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836707)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.196.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836707/; classtype:trojan-activity;sid:83699807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836706)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.82.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836706/; classtype:trojan-activity;sid:83699806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836704)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.56.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836704/; classtype:trojan-activity;sid:83699804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836705)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.220.238.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836705/; classtype:trojan-activity;sid:83699805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836703)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.84.110.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836703/; classtype:trojan-activity;sid:83699803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836702)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.22.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836702/; classtype:trojan-activity;sid:83699802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836701)"; flow:established,from_client; content:"GET"; http_method; content:"/hasleo_backup_suite.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"lallavedelajuderia.es"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836701/; classtype:trojan-activity;sid:83699801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836700)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.46.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836700/; classtype:trojan-activity;sid:83699800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836699)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.192.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836699/; classtype:trojan-activity;sid:83699799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836698)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.183.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836698/; classtype:trojan-activity;sid:83699798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836697)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.112.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836697/; classtype:trojan-activity;sid:83699797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836696)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.190.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836696/; classtype:trojan-activity;sid:83699796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836695)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.163.245.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836695/; classtype:trojan-activity;sid:83699795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836694)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.92.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836694/; classtype:trojan-activity;sid:83699794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836693)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.245.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836693/; classtype:trojan-activity;sid:83699793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836692)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.127.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836692/; classtype:trojan-activity;sid:83699792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836691)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.220.238.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836691/; classtype:trojan-activity;sid:83699791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836689)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.31.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836689/; classtype:trojan-activity;sid:83699789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836690)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.18.227.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836690/; classtype:trojan-activity;sid:83699790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836688)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.202.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836688/; classtype:trojan-activity;sid:83699788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836685)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"minuoddos.xyz"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836685/; classtype:trojan-activity;sid:83699785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836686)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.253.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836686/; classtype:trojan-activity;sid:83699786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836687)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.56.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836687/; classtype:trojan-activity;sid:83699787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836681)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"minuoddos.xyz"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836681/; classtype:trojan-activity;sid:83699781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836682)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"minuoddos.xyz"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836682/; classtype:trojan-activity;sid:83699782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836683)"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"minuoddos.xyz"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836683/; classtype:trojan-activity;sid:83699783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836684)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.111.96.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836684/; classtype:trojan-activity;sid:83699784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836676)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"minuoddos.xyz"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836676/; classtype:trojan-activity;sid:83699776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836677)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"minuoddos.xyz"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836677/; classtype:trojan-activity;sid:83699777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836678)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minuoddos.xyz"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836678/; classtype:trojan-activity;sid:83699778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836679)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"minuoddos.xyz"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836679/; classtype:trojan-activity;sid:83699779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836680)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"minuoddos.xyz"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836680/; classtype:trojan-activity;sid:83699780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836674)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"minuoddos.xyz"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836674/; classtype:trojan-activity;sid:83699774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836675)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"minuoddos.xyz"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836675/; classtype:trojan-activity;sid:83699775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836672)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.22.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836672/; classtype:trojan-activity;sid:83699772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836673)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"spotslfy.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836673/; classtype:trojan-activity;sid:83699773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836671)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.88.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836671/; classtype:trojan-activity;sid:83699771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836670)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"spotslfy.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836670/; classtype:trojan-activity;sid:83699770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836669)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5.182.211.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836669/; classtype:trojan-activity;sid:83699769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836665)"; flow:established,from_client; content:"GET"; http_method; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.arm"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"bobs.kraken11op.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836665/; classtype:trojan-activity;sid:83699765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836666)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5.182.211.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836666/; classtype:trojan-activity;sid:83699766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836667)"; flow:established,from_client; content:"GET"; http_method; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.x86_64"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"bobs.kraken11op.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836667/; classtype:trojan-activity;sid:83699767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836668)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bobs.kraken11op.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836668/; classtype:trojan-activity;sid:83699768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836660)"; flow:established,from_client; content:"GET"; http_method; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.i686"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"5.182.211.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836660/; classtype:trojan-activity;sid:83699760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836661)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bobs.kraken11op.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836661/; classtype:trojan-activity;sid:83699761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836662)"; flow:established,from_client; content:"GET"; http_method; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.arm7"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bobs.kraken11op.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836662/; classtype:trojan-activity;sid:83699762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836663)"; flow:established,from_client; content:"GET"; http_method; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.x86_64"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"5.182.211.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836663/; classtype:trojan-activity;sid:83699763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836664)"; flow:established,from_client; content:"GET"; http_method; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.i686"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bobs.kraken11op.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836664/; classtype:trojan-activity;sid:83699764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836651)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bobs.kraken11op.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836651/; classtype:trojan-activity;sid:83699751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836652)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bobs.kraken11op.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836652/; classtype:trojan-activity;sid:83699752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836653)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"bobs.kraken11op.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836653/; classtype:trojan-activity;sid:83699753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836654)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.182.211.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836654/; classtype:trojan-activity;sid:83699754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836655)"; flow:established,from_client; content:"GET"; http_method; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.arm"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"5.182.211.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836655/; classtype:trojan-activity;sid:83699755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836656)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5.182.211.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836656/; classtype:trojan-activity;sid:83699756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836657)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"bobs.kraken11op.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836657/; classtype:trojan-activity;sid:83699757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836658)"; flow:established,from_client; content:"GET"; http_method; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.arm6"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"5.182.211.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836658/; classtype:trojan-activity;sid:83699758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836659)"; flow:established,from_client; content:"GET"; http_method; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.arm6"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bobs.kraken11op.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836659/; classtype:trojan-activity;sid:83699759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836649)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bobs.kraken11op.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836649/; classtype:trojan-activity;sid:83699749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836650)"; flow:established,from_client; content:"GET"; http_method; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.arc"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"bobs.kraken11op.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836650/; classtype:trojan-activity;sid:83699750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836645)"; flow:established,from_client; content:"GET"; http_method; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.sh4"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"bobs.kraken11op.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836645/; classtype:trojan-activity;sid:83699745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836646)"; flow:established,from_client; content:"GET"; http_method; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.spc"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"bobs.kraken11op.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836646/; classtype:trojan-activity;sid:83699746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836647)"; flow:established,from_client; content:"GET"; http_method; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.arm7"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"5.182.211.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836647/; classtype:trojan-activity;sid:83699747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836648)"; flow:established,from_client; content:"GET"; http_method; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.x86"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"bobs.kraken11op.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836648/; classtype:trojan-activity;sid:83699748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836640)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5.182.211.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836640/; classtype:trojan-activity;sid:83699740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836641)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.182.211.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836641/; classtype:trojan-activity;sid:83699741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836642)"; flow:established,from_client; content:"GET"; http_method; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.mips"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bobs.kraken11op.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836642/; classtype:trojan-activity;sid:83699742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836643)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"bobs.kraken11op.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836643/; classtype:trojan-activity;sid:83699743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836644)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"bobs.kraken11op.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836644/; classtype:trojan-activity;sid:83699744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836636)"; flow:established,from_client; content:"GET"; http_method; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.mpsl"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bobs.kraken11op.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836636/; classtype:trojan-activity;sid:83699736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836637)"; flow:established,from_client; content:"GET"; http_method; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.mips"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"5.182.211.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836637/; classtype:trojan-activity;sid:83699737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836638)"; flow:established,from_client; content:"GET"; http_method; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.ppc"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"5.182.211.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836638/; classtype:trojan-activity;sid:83699738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836639)"; flow:established,from_client; content:"GET"; http_method; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.ppc"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"bobs.kraken11op.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836639/; classtype:trojan-activity;sid:83699739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836632)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.182.211.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836632/; classtype:trojan-activity;sid:83699732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836633)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.182.211.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836633/; classtype:trojan-activity;sid:83699733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836634)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.182.211.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836634/; classtype:trojan-activity;sid:83699734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836635)"; flow:established,from_client; content:"GET"; http_method; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.spc"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"5.182.211.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836635/; classtype:trojan-activity;sid:83699735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836630)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"bobs.kraken11op.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836630/; classtype:trojan-activity;sid:83699730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836631)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.20.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836631/; classtype:trojan-activity;sid:83699731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836624)"; flow:established,from_client; content:"GET"; http_method; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.m68k"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bobs.kraken11op.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836624/; classtype:trojan-activity;sid:83699724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836625)"; flow:established,from_client; content:"GET"; http_method; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.arm5"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bobs.kraken11op.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836625/; classtype:trojan-activity;sid:83699725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836626)"; flow:established,from_client; content:"GET"; http_method; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.sh4"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"5.182.211.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836626/; classtype:trojan-activity;sid:83699726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836627)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"5.182.211.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836627/; classtype:trojan-activity;sid:83699727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836628)"; flow:established,from_client; content:"GET"; http_method; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.mpsl"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"5.182.211.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836628/; classtype:trojan-activity;sid:83699728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836629)"; flow:established,from_client; content:"GET"; http_method; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.m68k"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"5.182.211.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836629/; classtype:trojan-activity;sid:83699729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836622)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"bobs.kraken11op.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836622/; classtype:trojan-activity;sid:83699722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836623)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5.182.211.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836623/; classtype:trojan-activity;sid:83699723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836620)"; flow:established,from_client; content:"GET"; http_method; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.arc"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"5.182.211.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836620/; classtype:trojan-activity;sid:83699720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836621)"; flow:established,from_client; content:"GET"; http_method; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.arm5"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"5.182.211.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836621/; classtype:trojan-activity;sid:83699721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836619)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.34.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836619/; classtype:trojan-activity;sid:83699719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836618)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.112.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836618/; classtype:trojan-activity;sid:83699718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836617)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.232.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836617/; classtype:trojan-activity;sid:83699717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836616)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.85.127.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836616/; classtype:trojan-activity;sid:83699716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836615)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.180.151"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836615/; classtype:trojan-activity;sid:83699715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836614)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.197.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836614/; classtype:trojan-activity;sid:83699714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836613)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.89.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836613/; classtype:trojan-activity;sid:83699713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836612)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.245.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836612/; classtype:trojan-activity;sid:83699712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836610)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.79.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836610/; classtype:trojan-activity;sid:83699710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836611)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.163.245.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836611/; classtype:trojan-activity;sid:83699711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836609)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.197.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836609/; classtype:trojan-activity;sid:83699709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836608)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.7.231.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836608/; classtype:trojan-activity;sid:83699708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836607)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.88.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836607/; classtype:trojan-activity;sid:83699707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836606)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.212.124.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836606/; classtype:trojan-activity;sid:83699706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836605)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.70.31.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836605/; classtype:trojan-activity;sid:83699705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836604)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.204.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836604/; classtype:trojan-activity;sid:83699704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836603)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.146.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836603/; classtype:trojan-activity;sid:83699703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836602)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.20.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836602/; classtype:trojan-activity;sid:83699702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836601)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.163.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836601/; classtype:trojan-activity;sid:83699701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836600)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.50.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836600/; classtype:trojan-activity;sid:83699700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836599)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.75.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836599/; classtype:trojan-activity;sid:83699699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836598)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.197.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836598/; classtype:trojan-activity;sid:83699698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836597)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.151.72.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836597/; classtype:trojan-activity;sid:83699697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836596)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.116.206.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836596/; classtype:trojan-activity;sid:83699696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836595)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.75.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836595/; classtype:trojan-activity;sid:83699695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836594)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.202.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836594/; classtype:trojan-activity;sid:83699694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836593)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.237.120.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836593/; classtype:trojan-activity;sid:83699693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836591)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.187.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836591/; classtype:trojan-activity;sid:83699691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836592)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.202.181.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836592/; classtype:trojan-activity;sid:83699692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836590)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.205.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836590/; classtype:trojan-activity;sid:83699690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836589)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.79.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836589/; classtype:trojan-activity;sid:83699689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836588)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.50.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836588/; classtype:trojan-activity;sid:83699688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836587)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.202.181.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836587/; classtype:trojan-activity;sid:83699687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836586)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.130.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836586/; classtype:trojan-activity;sid:83699686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836585)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.137.133.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836585/; classtype:trojan-activity;sid:83699685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836584)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.116.206.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836584/; classtype:trojan-activity;sid:83699684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836583)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.200.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836583/; classtype:trojan-activity;sid:83699683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836582)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.83.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836582/; classtype:trojan-activity;sid:83699682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836581)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.247.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836581/; classtype:trojan-activity;sid:83699681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836575)"; flow:established,from_client; content:"GET"; http_method; content:"/files/winscp-6.3.2-setup.msix"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"cdn37.space"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836575/; classtype:trojan-activity;sid:83699675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836576)"; flow:established,from_client; content:"GET"; http_method; content:"/files/wsj.msix"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"eprst251.boo"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836576/; classtype:trojan-activity;sid:83699676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836577)"; flow:established,from_client; content:"GET"; http_method; content:"/files/sapconcur.msix"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"eprst251.boo"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836577/; classtype:trojan-activity;sid:83699677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836578)"; flow:established,from_client; content:"GET"; http_method; content:"/files/autodeskfusion.msix"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"cdn41.space"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836578/; classtype:trojan-activity;sid:83699678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836579)"; flow:established,from_client; content:"GET"; http_method; content:"/files/asana.msix"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"cdn41.space"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836579/; classtype:trojan-activity;sid:83699679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836580)"; flow:established,from_client; content:"GET"; http_method; content:"/files/webex.msix"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"cdn37.space"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836580/; classtype:trojan-activity;sid:83699680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836574)"; flow:established,from_client; content:"GET"; http_method; content:"/fscan"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"167.71.205.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836574/; classtype:trojan-activity;sid:83699674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836572)"; flow:established,from_client; content:"GET"; http_method; content:"/files/googlemeet.msix"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"cdn41.space"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836572/; classtype:trojan-activity;sid:83699672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836573)"; flow:established,from_client; content:"GET"; http_method; content:"/files/asana.msix"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"cdn46.space"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836573/; classtype:trojan-activity;sid:83699673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836565)"; flow:established,from_client; content:"GET"; http_method; content:"/files/7z.msix"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"cdn47.space"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836565/; classtype:trojan-activity;sid:83699665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836566)"; flow:established,from_client; content:"GET"; http_method; content:"/dirtypipez"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"167.71.205.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836566/; classtype:trojan-activity;sid:83699666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836567)"; flow:established,from_client; content:"GET"; http_method; content:"/files/steepwriter_4.0.4.0_x64.msix"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"msq2323232300000.online"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836567/; classtype:trojan-activity;sid:83699667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836568)"; flow:established,from_client; content:"GET"; http_method; content:"/files/anydesk.msix"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"msq2323232300000.online"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836568/; classtype:trojan-activity;sid:83699668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836569)"; flow:established,from_client; content:"GET"; http_method; content:"/files/npp.installer.x64.msix"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"msq2323232300000.online"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836569/; classtype:trojan-activity;sid:83699669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836570)"; flow:established,from_client; content:"GET"; http_method; content:"/files/cnn.msix"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"cdn41.space"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836570/; classtype:trojan-activity;sid:83699670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836571)"; flow:established,from_client; content:"GET"; http_method; content:"/files/ciscosmartsoftware.msix"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"msq2323232300000.online"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836571/; classtype:trojan-activity;sid:83699671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836556)"; flow:established,from_client; content:"GET"; http_method; content:"/files/quicken.msix"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cdn30.space"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836556/; classtype:trojan-activity;sid:83699656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836557)"; flow:established,from_client; content:"GET"; http_method; content:"/files/hubspot.msix"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cdn41.space"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836557/; classtype:trojan-activity;sid:83699657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836558)"; flow:established,from_client; content:"GET"; http_method; content:"/files/sapconcur.msix"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"cdn41.space"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836558/; classtype:trojan-activity;sid:83699658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836559)"; flow:established,from_client; content:"GET"; http_method; content:"/files/wsj.msix"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"cdn41.space"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836559/; classtype:trojan-activity;sid:83699659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836560)"; flow:established,from_client; content:"GET"; http_method; content:"/files/vkontakte.msix"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"cdn42.space"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836560/; classtype:trojan-activity;sid:83699660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836561)"; flow:established,from_client; content:"GET"; http_method; content:"/files/blackrock.msix"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"cdn41.space"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836561/; classtype:trojan-activity;sid:83699661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836562)"; flow:established,from_client; content:"GET"; http_method; content:"/dirtypipez.c"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"167.71.205.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836562/; classtype:trojan-activity;sid:83699662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836563)"; flow:established,from_client; content:"GET"; http_method; content:"/files/pgadmin4.msix"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"msq2323232300000.online"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836563/; classtype:trojan-activity;sid:83699663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836564)"; flow:established,from_client; content:"GET"; http_method; content:"/files/advancedipscanner.msix"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"eprst431.boo"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836564/; classtype:trojan-activity;sid:83699664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836553)"; flow:established,from_client; content:"GET"; http_method; content:"/files/goto_4.6.5.0_x64.msix"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"msq2323232300000.online"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836553/; classtype:trojan-activity;sid:83699653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836554)"; flow:established,from_client; content:"GET"; http_method; content:"/files/googlemeet.msix"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"cdn40.click"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836554/; classtype:trojan-activity;sid:83699654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836555)"; flow:established,from_client; content:"GET"; http_method; content:"/files/anyconnect-win.msix"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"cdn25.space"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836555/; classtype:trojan-activity;sid:83699655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836538)"; flow:established,from_client; content:"GET"; http_method; content:"/files/npp.installer.x64.msix"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"cdn25.space"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836538/; classtype:trojan-activity;sid:83699638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836539)"; flow:established,from_client; content:"GET"; http_method; content:"/files/wsj.msix"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"cdn1124.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836539/; classtype:trojan-activity;sid:83699639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836540)"; flow:established,from_client; content:"GET"; http_method; content:"/files/googlemeet.msix"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"cdn1124.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836540/; classtype:trojan-activity;sid:83699640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836541)"; flow:established,from_client; content:"GET"; http_method; content:"/files/adobe_protected_pdf.msix"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"cdn33.space"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836541/; classtype:trojan-activity;sid:83699641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836542)"; flow:established,from_client; content:"GET"; http_method; content:"/files/airtable-x64.msix"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"cdn25.space"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836542/; classtype:trojan-activity;sid:83699642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836543)"; flow:established,from_client; content:"GET"; http_method; content:"/files/workday.msix"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cdn34.space"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836543/; classtype:trojan-activity;sid:83699643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836544)"; flow:established,from_client; content:"GET"; http_method; content:"/files/sapconcur.msix"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"cdn1124.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836544/; classtype:trojan-activity;sid:83699644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836545)"; flow:established,from_client; content:"GET"; http_method; content:"/files/bloombergterminal-x64.msix"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"cdn25.space"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836545/; classtype:trojan-activity;sid:83699645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836546)"; flow:established,from_client; content:"GET"; http_method; content:"/files/googlemeet.msix"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"eprst251.boo"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836546/; classtype:trojan-activity;sid:83699646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836547)"; flow:established,from_client; content:"GET"; http_method; content:"/files/aimp.msix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"cdn32.space"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836547/; classtype:trojan-activity;sid:83699647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836548)"; flow:established,from_client; content:"GET"; http_method; content:"/files/wsj.msix"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"cdn40.click"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836548/; classtype:trojan-activity;sid:83699648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836549)"; flow:established,from_client; content:"GET"; http_method; content:"/files/sapconcur.msix"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"cdn40.click"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836549/; classtype:trojan-activity;sid:83699649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836550)"; flow:established,from_client; content:"GET"; http_method; content:"/files/document.msix"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cdn45.space"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836550/; classtype:trojan-activity;sid:83699650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836551)"; flow:established,from_client; content:"GET"; http_method; content:"/files/asana.msix"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"cdn40.click"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836551/; classtype:trojan-activity;sid:83699651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836552)"; flow:established,from_client; content:"GET"; http_method; content:"/files/aimp.msix"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"cdn47.space"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836552/; classtype:trojan-activity;sid:83699652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836537)"; flow:established,from_client; content:"GET"; http_method; content:"/files/asana.msix"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"cdn1124.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836537/; classtype:trojan-activity;sid:83699637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836536)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.79.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836536/; classtype:trojan-activity;sid:83699636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836534)"; flow:established,from_client; content:"GET"; http_method; content:"/prnportsixinfromationalprotectiontoundersnadmonekybodyhowmuchgoodtokissherlipswithlotoflovesheneverunderstandanythingwithoutknowingher__beautifulgirlshe.doc"; http_uri; depth:157; isdataat:!1,relative; nocase; content:"192.3.243.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836534/; classtype:trojan-activity;sid:83699634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836535)"; flow:established,from_client; content:"GET"; http_method; content:"/archivenfromationalprotectiontoundersnadmonekybodyhowmuchgoodtokissherlipswithlotoflovesheneverunderstandanythingwithoutknowingher__beautifulgirlshe.doc"; http_uri; depth:153; isdataat:!1,relative; nocase; content:"192.3.243.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836535/; classtype:trojan-activity;sid:83699635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836533)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.38.150.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836533/; classtype:trojan-activity;sid:83699633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836532)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.217.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836532/; classtype:trojan-activity;sid:83699632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836531)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.6.57"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836531/; classtype:trojan-activity;sid:83699631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836530)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.202.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836530/; classtype:trojan-activity;sid:83699630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836529)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.205.69.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836529/; classtype:trojan-activity;sid:83699629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836528)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.72.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836528/; classtype:trojan-activity;sid:83699628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836527)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.201.10.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836527/; classtype:trojan-activity;sid:83699627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836526)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.120.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836526/; classtype:trojan-activity;sid:83699626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836525)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.124.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836525/; classtype:trojan-activity;sid:83699625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836523)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.115.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836523/; classtype:trojan-activity;sid:83699623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836524)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.141.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836524/; classtype:trojan-activity;sid:83699624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836522)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.132.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836522/; classtype:trojan-activity;sid:83699622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836521)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.1.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836521/; classtype:trojan-activity;sid:83699621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836518)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.160.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836518/; classtype:trojan-activity;sid:83699618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836519)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.21.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836519/; classtype:trojan-activity;sid:83699619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836520)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.247.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836520/; classtype:trojan-activity;sid:83699620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836517)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.149.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836517/; classtype:trojan-activity;sid:83699617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836515)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.107.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836515/; classtype:trojan-activity;sid:83699615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836516)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.36.157.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836516/; classtype:trojan-activity;sid:83699616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836514)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.6.73"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836514/; classtype:trojan-activity;sid:83699614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836513)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.83.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836513/; classtype:trojan-activity;sid:83699613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836512)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.10.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836512/; classtype:trojan-activity;sid:83699612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836511)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.102.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836511/; classtype:trojan-activity;sid:83699611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836510)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.205.69.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836510/; classtype:trojan-activity;sid:83699610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836509)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.59.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836509/; classtype:trojan-activity;sid:83699609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836508)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.1.170"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836508/; classtype:trojan-activity;sid:83699608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836507)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.60.9.189"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836507/; classtype:trojan-activity;sid:83699607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836505)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.117.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836505/; classtype:trojan-activity;sid:83699605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836506)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.57.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836506/; classtype:trojan-activity;sid:83699606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836504)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.84.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836504/; classtype:trojan-activity;sid:83699604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836503)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.206.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836503/; classtype:trojan-activity;sid:83699603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836502)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.148.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836502/; classtype:trojan-activity;sid:83699602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836501)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.186.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836501/; classtype:trojan-activity;sid:83699601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836500)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.170.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836500/; classtype:trojan-activity;sid:83699600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836499)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.203.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836499/; classtype:trojan-activity;sid:83699599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836498)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.134.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836498/; classtype:trojan-activity;sid:83699598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836497)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.204.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836497/; classtype:trojan-activity;sid:83699597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836496)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.102.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836496/; classtype:trojan-activity;sid:83699596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836495)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.198.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836495/; classtype:trojan-activity;sid:83699595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836494)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.139.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836494/; classtype:trojan-activity;sid:83699594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836493)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.9.189"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836493/; classtype:trojan-activity;sid:83699593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836492)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.185.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836492/; classtype:trojan-activity;sid:83699592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836491)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.159.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836491/; classtype:trojan-activity;sid:83699591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836490)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.182.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836490/; classtype:trojan-activity;sid:83699590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836488)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.152.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836488/; classtype:trojan-activity;sid:83699588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836489)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.148.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836489/; classtype:trojan-activity;sid:83699589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836487)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.84.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836487/; classtype:trojan-activity;sid:83699587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836486)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.11.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836486/; classtype:trojan-activity;sid:83699586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836484)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.44.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836484/; classtype:trojan-activity;sid:83699584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836485)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.149.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836485/; classtype:trojan-activity;sid:83699585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836483)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.196.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836483/; classtype:trojan-activity;sid:83699583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836482)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.206.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836482/; classtype:trojan-activity;sid:83699582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836481)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.226.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836481/; classtype:trojan-activity;sid:83699581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836480)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.57.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836480/; classtype:trojan-activity;sid:83699580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836479)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.65.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836479/; classtype:trojan-activity;sid:83699579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836478)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.182.189.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836478/; classtype:trojan-activity;sid:83699578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836477)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.194.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836477/; classtype:trojan-activity;sid:83699577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836476)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.67.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836476/; classtype:trojan-activity;sid:83699576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836475)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.21.176.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836475/; classtype:trojan-activity;sid:83699575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836474)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.253.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836474/; classtype:trojan-activity;sid:83699574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836473)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.185.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836473/; classtype:trojan-activity;sid:83699573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836472)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.159.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836472/; classtype:trojan-activity;sid:83699572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836470)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.152.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836470/; classtype:trojan-activity;sid:83699570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836471)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.185.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836471/; classtype:trojan-activity;sid:83699571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836469)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.198.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836469/; classtype:trojan-activity;sid:83699569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836468)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.182.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836468/; classtype:trojan-activity;sid:83699568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836467)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.139.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836467/; classtype:trojan-activity;sid:83699567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836466)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/bdc/shelovedsomeonetounderstandthebeautifulgirlpleasetrytogetherbackfromthebeautifulgirlsheisverybeautifulgirl___ithinksheisbeautifulandverybeautifulgirlsheis.doc"; http_uri; depth:169; isdataat:!1,relative; nocase; content:"192.3.239.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836466/; classtype:trojan-activity;sid:83699566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836464)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.7.209"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836464/; classtype:trojan-activity;sid:83699564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836465)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.57.126.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836465/; classtype:trojan-activity;sid:83699565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836463)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.204.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836463/; classtype:trojan-activity;sid:83699563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836462)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.185.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836462/; classtype:trojan-activity;sid:83699562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836461)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.190.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836461/; classtype:trojan-activity;sid:83699561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836459)"; flow:established,from_client; content:"GET"; http_method; content:"/y91/arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.156.68.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836459/; classtype:trojan-activity;sid:83699559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836460)"; flow:established,from_client; content:"GET"; http_method; content:"/y91/arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.156.68.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836460/; classtype:trojan-activity;sid:83699560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836458)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.204.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836458/; classtype:trojan-activity;sid:83699558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836457)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.198.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836457/; classtype:trojan-activity;sid:83699557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836454)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.236.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836454/; classtype:trojan-activity;sid:83699554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836455)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.5.93"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836455/; classtype:trojan-activity;sid:83699555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836456)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.49.57.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836456/; classtype:trojan-activity;sid:83699556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836453)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.193.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836453/; classtype:trojan-activity;sid:83699553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836452)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.215.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836452/; classtype:trojan-activity;sid:83699552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836451)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.224.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836451/; classtype:trojan-activity;sid:83699551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836450)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.65.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836450/; classtype:trojan-activity;sid:83699550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836449)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.215.249.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836449/; classtype:trojan-activity;sid:83699549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836448)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.6.39"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836448/; classtype:trojan-activity;sid:83699548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836447)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.16.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836447/; classtype:trojan-activity;sid:83699547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836446)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.192.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836446/; classtype:trojan-activity;sid:83699546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836445)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.220.148.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836445/; classtype:trojan-activity;sid:83699545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836444)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.236.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836444/; classtype:trojan-activity;sid:83699544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836442)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.129.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836442/; classtype:trojan-activity;sid:83699542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836443)"; flow:established,from_client; content:"GET"; http_method; content:"/get/ff481eed8e53ac2a7061ffcaeee5b75b/neverlose-crack.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"loader.oxy.st"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836443/; classtype:trojan-activity;sid:83699543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836441)"; flow:established,from_client; content:"GET"; http_method; content:"/lend/yohan.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"193.233.132.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836441/; classtype:trojan-activity;sid:83699541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836439)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.188.80.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836439/; classtype:trojan-activity;sid:83699539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836440)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.54.127.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836440/; classtype:trojan-activity;sid:83699540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836438)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.206.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836438/; classtype:trojan-activity;sid:83699538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836437)"; flow:established,from_client; content:"GET"; http_method; content:"/doc5294803_669203810|3f|hash=nfbhg1szkwczc0kyvejf7jox3g8eypk8pjz2c8z8kzx|7c|26|7c|dl=4jrkmugbxbfu2fzmf16dxu9brevnwjvzbhyxtrk22zs|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836437/; classtype:trojan-activity;sid:83699537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836436)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.215.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836436/; classtype:trojan-activity;sid:83699536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836434)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.65.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836434/; classtype:trojan-activity;sid:83699534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836435)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.224.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836435/; classtype:trojan-activity;sid:83699535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836433)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.217.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836433/; classtype:trojan-activity;sid:83699533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836432)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.80.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836432/; classtype:trojan-activity;sid:83699532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836430)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.125.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836430/; classtype:trojan-activity;sid:83699530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836431)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.42.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836431/; classtype:trojan-activity;sid:83699531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836427)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.225.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836427/; classtype:trojan-activity;sid:83699527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836428)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.255.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836428/; classtype:trojan-activity;sid:83699528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836429)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.134.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836429/; classtype:trojan-activity;sid:83699529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836426)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.253.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836426/; classtype:trojan-activity;sid:83699526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836425)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.192.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836425/; classtype:trojan-activity;sid:83699525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836424)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.80.218"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836424/; classtype:trojan-activity;sid:83699524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836423)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.148.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836423/; classtype:trojan-activity;sid:83699523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836422)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.80.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836422/; classtype:trojan-activity;sid:83699522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836421)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.180.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836421/; classtype:trojan-activity;sid:83699521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836420)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.207.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836420/; classtype:trojan-activity;sid:83699520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836418)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.80.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836418/; classtype:trojan-activity;sid:83699518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836419)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.48.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836419/; classtype:trojan-activity;sid:83699519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836417)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.63.113.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836417/; classtype:trojan-activity;sid:83699517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836416)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.128.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836416/; classtype:trojan-activity;sid:83699516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836415)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.178.91.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836415/; classtype:trojan-activity;sid:83699515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836414)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.207.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836414/; classtype:trojan-activity;sid:83699514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836413)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.207.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836413/; classtype:trojan-activity;sid:83699513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836412)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.63.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836412/; classtype:trojan-activity;sid:83699512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836411)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.48.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836411/; classtype:trojan-activity;sid:83699511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836410)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.120.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836410/; classtype:trojan-activity;sid:83699510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836409)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.80.254"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836409/; classtype:trojan-activity;sid:83699509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836407)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.237.24.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836407/; classtype:trojan-activity;sid:83699507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836408)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.128.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836408/; classtype:trojan-activity;sid:83699508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836406)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.63.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836406/; classtype:trojan-activity;sid:83699506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836404)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.80.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836404/; classtype:trojan-activity;sid:83699504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836405)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.34.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836405/; classtype:trojan-activity;sid:83699505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836403)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.16.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836403/; classtype:trojan-activity;sid:83699503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836401)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.173.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836401/; classtype:trojan-activity;sid:83699501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836402)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.221.58.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836402/; classtype:trojan-activity;sid:83699502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836399)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.118.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836399/; classtype:trojan-activity;sid:83699499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836400)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.100.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836400/; classtype:trojan-activity;sid:83699500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836398)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.3.239"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836398/; classtype:trojan-activity;sid:83699498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836397)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.120.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836397/; classtype:trojan-activity;sid:83699497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836396)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.233.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836396/; classtype:trojan-activity;sid:83699496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836395)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.237.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836395/; classtype:trojan-activity;sid:83699495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836394)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.173.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836394/; classtype:trojan-activity;sid:83699494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836393)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.44.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836393/; classtype:trojan-activity;sid:83699493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836392)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.202.73.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836392/; classtype:trojan-activity;sid:83699492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836391)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.72.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836391/; classtype:trojan-activity;sid:83699491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836389)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.205.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836389/; classtype:trojan-activity;sid:83699489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836390)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.9.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836390/; classtype:trojan-activity;sid:83699490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836388)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.196.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836388/; classtype:trojan-activity;sid:83699488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836387)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.72.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836387/; classtype:trojan-activity;sid:83699487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836386)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.44.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836386/; classtype:trojan-activity;sid:83699486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836384)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.24.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836384/; classtype:trojan-activity;sid:83699484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836385)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.222.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836385/; classtype:trojan-activity;sid:83699485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836383)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.201.9.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836383/; classtype:trojan-activity;sid:83699483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836382)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.3.239"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836382/; classtype:trojan-activity;sid:83699482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836381)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.244.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836381/; classtype:trojan-activity;sid:83699481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836380)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.100.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836380/; classtype:trojan-activity;sid:83699480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836379)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.73.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836379/; classtype:trojan-activity;sid:83699479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836378)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.94.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836378/; classtype:trojan-activity;sid:83699478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836377)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.99.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836377/; classtype:trojan-activity;sid:83699477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836376)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.222.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836376/; classtype:trojan-activity;sid:83699476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836375)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.4.130"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836375/; classtype:trojan-activity;sid:83699475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836374)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.233.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836374/; classtype:trojan-activity;sid:83699474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836373)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.196.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836373/; classtype:trojan-activity;sid:83699473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836372)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.20.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836372/; classtype:trojan-activity;sid:83699472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836371)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.52.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836371/; classtype:trojan-activity;sid:83699471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836369)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.219.1.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836369/; classtype:trojan-activity;sid:83699469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836370)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.154.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836370/; classtype:trojan-activity;sid:83699470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836368)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.44.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836368/; classtype:trojan-activity;sid:83699468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836367)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.244.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836367/; classtype:trojan-activity;sid:83699467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836366)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.148.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836366/; classtype:trojan-activity;sid:83699466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836365)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.39.161"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836365/; classtype:trojan-activity;sid:83699465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836364)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.191.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836364/; classtype:trojan-activity;sid:83699464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836363)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.212.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836363/; classtype:trojan-activity;sid:83699463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836362)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.87.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836362/; classtype:trojan-activity;sid:83699462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836361)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.87.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836361/; classtype:trojan-activity;sid:83699461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836360)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.161.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836360/; classtype:trojan-activity;sid:83699460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836359)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.255.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836359/; classtype:trojan-activity;sid:83699459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836358)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.210.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836358/; classtype:trojan-activity;sid:83699458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836357)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.94.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836357/; classtype:trojan-activity;sid:83699457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836356)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.177.198.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836356/; classtype:trojan-activity;sid:83699456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836355)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.4.130"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836355/; classtype:trojan-activity;sid:83699455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836354)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.84.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836354/; classtype:trojan-activity;sid:83699454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836353)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.20.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836353/; classtype:trojan-activity;sid:83699453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836352)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.59.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836352/; classtype:trojan-activity;sid:83699452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836351)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.79.188.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836351/; classtype:trojan-activity;sid:83699451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836350)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.149.110.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836350/; classtype:trojan-activity;sid:83699450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836349)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.99.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836349/; classtype:trojan-activity;sid:83699449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836348)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.163.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836348/; classtype:trojan-activity;sid:83699448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836347)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.212.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836347/; classtype:trojan-activity;sid:83699447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836346)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.8.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836346/; classtype:trojan-activity;sid:83699446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836345)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"92.154.92.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836345/; classtype:trojan-activity;sid:83699445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836344)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.161.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836344/; classtype:trojan-activity;sid:83699444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836341)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.247.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836341/; classtype:trojan-activity;sid:83699441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836342)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.59.152.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836342/; classtype:trojan-activity;sid:83699442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836343)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.92.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836343/; classtype:trojan-activity;sid:83699443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836340)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.149.110.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836340/; classtype:trojan-activity;sid:83699440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836339)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.188.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836339/; classtype:trojan-activity;sid:83699439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836338)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.88.127.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836338/; classtype:trojan-activity;sid:83699438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836337)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.233.107.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836337/; classtype:trojan-activity;sid:83699437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836336)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.79.188.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836336/; classtype:trojan-activity;sid:83699436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836335)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"92.154.92.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836335/; classtype:trojan-activity;sid:83699435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836334)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.151.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836334/; classtype:trojan-activity;sid:83699434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836333)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.118.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836333/; classtype:trojan-activity;sid:83699433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836332)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.4.235"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836332/; classtype:trojan-activity;sid:83699432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836330)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.220.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836330/; classtype:trojan-activity;sid:83699430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836331)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.251.168.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836331/; classtype:trojan-activity;sid:83699431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836329)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.86.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836329/; classtype:trojan-activity;sid:83699429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836328)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.13.93.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836328/; classtype:trojan-activity;sid:83699428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836327)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.192.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836327/; classtype:trojan-activity;sid:83699427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836326)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.177.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836326/; classtype:trojan-activity;sid:83699426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836325)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.59.231.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836325/; classtype:trojan-activity;sid:83699425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836324)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.53.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836324/; classtype:trojan-activity;sid:83699424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836321)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.229.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836321/; classtype:trojan-activity;sid:83699421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836322)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.24.32.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836322/; classtype:trojan-activity;sid:83699422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836323)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.229.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836323/; classtype:trojan-activity;sid:83699423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836320)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.88.127.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836320/; classtype:trojan-activity;sid:83699420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836319)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.220.150.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836319/; classtype:trojan-activity;sid:83699419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836318)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.220.86.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836318/; classtype:trojan-activity;sid:83699418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836317)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.107.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836317/; classtype:trojan-activity;sid:83699417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836315)"; flow:established,from_client; content:"GET"; http_method; content:"/editcontent"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"zea.demo.betterbuiltdogs.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836315/; classtype:trojan-activity;sid:83699415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836316)"; flow:established,from_client; content:"GET"; http_method; content:"/editcontent"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"lmr.demo.betterbuiltdogs.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836316/; classtype:trojan-activity;sid:83699416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836314)"; flow:established,from_client; content:"GET"; http_method; content:"/doc5294803_669205086|3f|hash=pd9zt2zzvcph9sldb2fswbziw6fxpaajen5rkvravxw|7c|26|7c|dl=ovdzz8owdqmnba9d0lucmoo6gorzi72fnogy4ludzjk|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836314/; classtype:trojan-activity;sid:83699414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836313)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.251.168.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836313/; classtype:trojan-activity;sid:83699413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836312)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.118.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836312/; classtype:trojan-activity;sid:83699412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836311)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.4.235"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836311/; classtype:trojan-activity;sid:83699411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836310)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.192.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836310/; classtype:trojan-activity;sid:83699410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836309)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.128.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836309/; classtype:trojan-activity;sid:83699409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836308)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.63.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836308/; classtype:trojan-activity;sid:83699408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836306)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.235.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836306/; classtype:trojan-activity;sid:83699406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836307)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.175.92.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836307/; classtype:trojan-activity;sid:83699407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836305)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.163.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836305/; classtype:trojan-activity;sid:83699405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836304)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.13.93.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836304/; classtype:trojan-activity;sid:83699404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836303)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.121.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836303/; classtype:trojan-activity;sid:83699403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836302)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.204.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836302/; classtype:trojan-activity;sid:83699402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836301)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.38.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836301/; classtype:trojan-activity;sid:83699401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836300)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.150.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836300/; classtype:trojan-activity;sid:83699400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836299)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.220.86.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836299/; classtype:trojan-activity;sid:83699399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836298)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.217.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836298/; classtype:trojan-activity;sid:83699398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836297)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.235.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836297/; classtype:trojan-activity;sid:83699397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836296)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.128.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836296/; classtype:trojan-activity;sid:83699396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836295)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.202.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836295/; classtype:trojan-activity;sid:83699395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836294)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.247.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836294/; classtype:trojan-activity;sid:83699394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836293)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.74.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836293/; classtype:trojan-activity;sid:83699393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836292)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.12.113.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836292/; classtype:trojan-activity;sid:83699392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836291)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.125.121.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836291/; classtype:trojan-activity;sid:83699391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836290)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.6.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836290/; classtype:trojan-activity;sid:83699390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836289)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.45.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836289/; classtype:trojan-activity;sid:83699389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836287)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.154.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836287/; classtype:trojan-activity;sid:83699387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836288)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.77.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836288/; classtype:trojan-activity;sid:83699388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836286)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.75.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836286/; classtype:trojan-activity;sid:83699386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836285)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.202.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836285/; classtype:trojan-activity;sid:83699385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836283)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.155.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836283/; classtype:trojan-activity;sid:83699383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836284)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.224.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836284/; classtype:trojan-activity;sid:83699384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836282)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.192.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836282/; classtype:trojan-activity;sid:83699382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836281)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.83.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836281/; classtype:trojan-activity;sid:83699381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836279)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.128.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836279/; classtype:trojan-activity;sid:83699379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836280)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.69.217.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836280/; classtype:trojan-activity;sid:83699380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836278)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.252.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836278/; classtype:trojan-activity;sid:83699378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836276)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.71.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836276/; classtype:trojan-activity;sid:83699376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836277)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"24.242.46.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836277/; classtype:trojan-activity;sid:83699377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836275)"; flow:established,from_client; content:"GET"; http_method; content:"/doc5294803_669204581|3f|hash=qb6kdand09kpcmq06ednonfmrz2o4z6mtkvzzdsukhx|7c|26|7c|dl=3kbco67z1uvuzfgdbbqzp5iacgfit5jdfztsz0l9gnw|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_05_03; reference:url, urlhaus.abuse.ch/url/2836275/; classtype:trojan-activity;sid:83699375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836274)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.154.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836274/; classtype:trojan-activity;sid:83699374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836273)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.155.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836273/; classtype:trojan-activity;sid:83699373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836272)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.128.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836272/; classtype:trojan-activity;sid:83699372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836271)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.68.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836271/; classtype:trojan-activity;sid:83699371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836270)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.120.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836270/; classtype:trojan-activity;sid:83699370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836269)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.75.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836269/; classtype:trojan-activity;sid:83699369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836268)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.56.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836268/; classtype:trojan-activity;sid:83699368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836267)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.147.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836267/; classtype:trojan-activity;sid:83699367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836266)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.246.205.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836266/; classtype:trojan-activity;sid:83699366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836265)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.16.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836265/; classtype:trojan-activity;sid:83699365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836264)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.2.111.27"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836264/; classtype:trojan-activity;sid:83699364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836263)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.191.102.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836263/; classtype:trojan-activity;sid:83699363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836262)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.196.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836262/; classtype:trojan-activity;sid:83699362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836261)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.120.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836261/; classtype:trojan-activity;sid:83699361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836260)"; flow:established,from_client; content:"GET"; http_method; content:"/teana/simon.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"5.42.96.7"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836260/; classtype:trojan-activity;sid:83699360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836259)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.29.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836259/; classtype:trojan-activity;sid:83699359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836258)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.195.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836258/; classtype:trojan-activity;sid:83699358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836257)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.246.15.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836257/; classtype:trojan-activity;sid:83699357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836255)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.84.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836255/; classtype:trojan-activity;sid:83699355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836256)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.52.19.96"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836256/; classtype:trojan-activity;sid:83699356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836254)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.62.146.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836254/; classtype:trojan-activity;sid:83699354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836253)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"93.123.85.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836253/; classtype:trojan-activity;sid:83699353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836252)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"93.123.85.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836252/; classtype:trojan-activity;sid:83699352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836251)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.245.177.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836251/; classtype:trojan-activity;sid:83699351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836250)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"93.123.85.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836250/; classtype:trojan-activity;sid:83699350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836249)"; flow:established,from_client; content:"GET"; http_method; content:"/curl-amd64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836249/; classtype:trojan-activity;sid:83699349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836248)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"93.123.85.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836248/; classtype:trojan-activity;sid:83699348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836245)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"198.98.59.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836245/; classtype:trojan-activity;sid:83699345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836246)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"198.98.59.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836246/; classtype:trojan-activity;sid:83699346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836247)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"93.123.85.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836247/; classtype:trojan-activity;sid:83699347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836236)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.arm5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"94.156.71.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836236/; classtype:trojan-activity;sid:83699336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836237)"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.61.185.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836237/; classtype:trojan-activity;sid:83699337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836238)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-6.sinfull"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"94.103.124.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836238/; classtype:trojan-activity;sid:83699338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836239)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-6.sinfull"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"94.103.124.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836239/; classtype:trojan-activity;sid:83699339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836240)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-6.sinfull"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"94.103.124.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836240/; classtype:trojan-activity;sid:83699340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836241)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.i686"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"94.156.71.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836241/; classtype:trojan-activity;sid:83699341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836242)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.arm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"94.156.71.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836242/; classtype:trojan-activity;sid:83699342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836243)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"93.123.85.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836243/; classtype:trojan-activity;sid:83699343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836244)"; flow:established,from_client; content:"GET"; http_method; content:"/libgcc_s.so.1"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"lax01.moejiang.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836244/; classtype:trojan-activity;sid:83699344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836231)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"198.98.59.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836231/; classtype:trojan-activity;sid:83699331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836232)"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.61.185.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836232/; classtype:trojan-activity;sid:83699332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836233)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-6.sinfull"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"94.103.124.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836233/; classtype:trojan-activity;sid:83699333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836234)"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"198.98.59.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836234/; classtype:trojan-activity;sid:83699334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836235)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.172.128.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836235/; classtype:trojan-activity;sid:83699335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836227)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"198.98.59.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836227/; classtype:trojan-activity;sid:83699327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836228)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"94.156.71.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836228/; classtype:trojan-activity;sid:83699328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836229)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.m68"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"94.156.71.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836229/; classtype:trojan-activity;sid:83699329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836230)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"198.98.59.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836230/; classtype:trojan-activity;sid:83699330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836221)"; flow:established,from_client; content:"GET"; http_method; content:"/m-6.8-k.sinfull"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"94.103.124.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836221/; classtype:trojan-activity;sid:83699321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836222)"; flow:established,from_client; content:"GET"; http_method; content:"/i486"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.61.185.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836222/; classtype:trojan-activity;sid:83699322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836223)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.9.75.186"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836223/; classtype:trojan-activity;sid:83699323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836224)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"94.156.71.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836224/; classtype:trojan-activity;sid:83699324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836225)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.9.75.186"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836225/; classtype:trojan-activity;sid:83699325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836226)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86_64"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"94.156.71.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836226/; classtype:trojan-activity;sid:83699326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836216)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"198.98.59.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836216/; classtype:trojan-activity;sid:83699316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836217)"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.61.185.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836217/; classtype:trojan-activity;sid:83699317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836218)"; flow:established,from_client; content:"GET"; http_method; content:"/m-6.8-k.sinfull"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"94.103.124.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836218/; classtype:trojan-activity;sid:83699318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836219)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"94.156.71.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836219/; classtype:trojan-activity;sid:83699319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836220)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.61.185.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836220/; classtype:trojan-activity;sid:83699320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836212)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.9.75.186"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836212/; classtype:trojan-activity;sid:83699312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836213)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.61.185.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836213/; classtype:trojan-activity;sid:83699313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836214)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.9.75.186"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836214/; classtype:trojan-activity;sid:83699314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836215)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"198.98.59.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836215/; classtype:trojan-activity;sid:83699315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836208)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"94.156.71.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836208/; classtype:trojan-activity;sid:83699308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836209)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"93.123.85.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836209/; classtype:trojan-activity;sid:83699309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836210)"; flow:established,from_client; content:"GET"; http_method; content:"/armv4l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.61.185.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836210/; classtype:trojan-activity;sid:83699310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836211)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"94.156.71.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836211/; classtype:trojan-activity;sid:83699311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836205)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"94.156.71.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836205/; classtype:trojan-activity;sid:83699305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836206)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.mpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"94.156.71.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836206/; classtype:trojan-activity;sid:83699306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836207)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.96.138.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836207/; classtype:trojan-activity;sid:83699307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836204)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.9.75.186"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836204/; classtype:trojan-activity;sid:83699304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836198)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.61.185.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836198/; classtype:trojan-activity;sid:83699298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836199)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.61.185.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836199/; classtype:trojan-activity;sid:83699299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836200)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.9.75.186"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836200/; classtype:trojan-activity;sid:83699300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836201)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"198.98.59.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836201/; classtype:trojan-activity;sid:83699301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836202)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"198.98.59.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836202/; classtype:trojan-activity;sid:83699302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836203)"; flow:established,from_client; content:"GET"; http_method; content:"/m-6.8-k.sinfull"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"94.103.124.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836203/; classtype:trojan-activity;sid:83699303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836195)"; flow:established,from_client; content:"GET"; http_method; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.x86"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"5.182.211.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836195/; classtype:trojan-activity;sid:83699295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836196)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"198.98.59.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836196/; classtype:trojan-activity;sid:83699296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836197)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.61.185.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836197/; classtype:trojan-activity;sid:83699297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836189)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"93.123.85.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836189/; classtype:trojan-activity;sid:83699289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836190)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"94.156.71.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836190/; classtype:trojan-activity;sid:83699290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836191)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.61.185.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836191/; classtype:trojan-activity;sid:83699291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836192)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.61.185.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836192/; classtype:trojan-activity;sid:83699292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836193)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.61.185.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836193/; classtype:trojan-activity;sid:83699293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836194)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.61.185.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836194/; classtype:trojan-activity;sid:83699294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836186)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.9.75.186"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836186/; classtype:trojan-activity;sid:83699286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836187)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"94.156.71.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836187/; classtype:trojan-activity;sid:83699287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836188)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"93.123.85.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836188/; classtype:trojan-activity;sid:83699288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836179)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.spc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"94.156.71.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836179/; classtype:trojan-activity;sid:83699279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836180)"; flow:established,from_client; content:"GET"; http_method; content:"/miraint.mpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"5.42.96.3"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836180/; classtype:trojan-activity;sid:83699280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836181)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i686"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.9.75.186"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836181/; classtype:trojan-activity;sid:83699281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836182)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"93.123.85.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836182/; classtype:trojan-activity;sid:83699282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836183)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.81.242.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836183/; classtype:trojan-activity;sid:83699283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836184)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.9.75.186"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836184/; classtype:trojan-activity;sid:83699284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836185)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"93.123.85.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836185/; classtype:trojan-activity;sid:83699285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836178)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.ppc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"94.156.71.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836178/; classtype:trojan-activity;sid:83699278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836175)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.206.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836175/; classtype:trojan-activity;sid:83699275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836176)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"94.156.71.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836176/; classtype:trojan-activity;sid:83699276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836177)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.sh4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"94.156.71.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836177/; classtype:trojan-activity;sid:83699277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836170)"; flow:established,from_client; content:"GET"; http_method; content:"/m-6.8-k.sinfull"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"94.103.124.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836170/; classtype:trojan-activity;sid:83699270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836171)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"94.156.71.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836171/; classtype:trojan-activity;sid:83699271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836172)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.arm4t"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"94.156.71.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836172/; classtype:trojan-activity;sid:83699272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836173)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.172.128.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836173/; classtype:trojan-activity;sid:83699273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836174)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.arm4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"94.156.71.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836174/; classtype:trojan-activity;sid:83699274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836166)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.96.138.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836166/; classtype:trojan-activity;sid:83699266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836167)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.9.75.186"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836167/; classtype:trojan-activity;sid:83699267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836168)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.arm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"94.156.71.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836168/; classtype:trojan-activity;sid:83699268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836169)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.x86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"94.156.71.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836169/; classtype:trojan-activity;sid:83699269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836164)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"45.9.75.186"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836164/; classtype:trojan-activity;sid:83699264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836165)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.9.75.186"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836165/; classtype:trojan-activity;sid:83699265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836162)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.9.75.186"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836162/; classtype:trojan-activity;sid:83699262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836163)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86_64"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"45.9.75.186"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836163/; classtype:trojan-activity;sid:83699263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836160)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"94.156.71.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836160/; classtype:trojan-activity;sid:83699260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836161)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"94.156.71.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836161/; classtype:trojan-activity;sid:83699261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836158)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.81.242.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836158/; classtype:trojan-activity;sid:83699258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836159)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.81.242.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836159/; classtype:trojan-activity;sid:83699259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836157)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.246.205.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836157/; classtype:trojan-activity;sid:83699257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836156)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.147.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836156/; classtype:trojan-activity;sid:83699256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836155)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.205.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836155/; classtype:trojan-activity;sid:83699255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836154)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.28.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836154/; classtype:trojan-activity;sid:83699254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836153)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.196.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836153/; classtype:trojan-activity;sid:83699253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836152)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.207.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836152/; classtype:trojan-activity;sid:83699252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836151)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.196.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836151/; classtype:trojan-activity;sid:83699251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836150)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.219.45.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836150/; classtype:trojan-activity;sid:83699250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836149)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.54.127.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836149/; classtype:trojan-activity;sid:83699249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836147)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.91.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836147/; classtype:trojan-activity;sid:83699247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836148)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.109.158.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836148/; classtype:trojan-activity;sid:83699248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836146)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.169.156.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836146/; classtype:trojan-activity;sid:83699246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836145)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.189.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836145/; classtype:trojan-activity;sid:83699245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836143)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.52.19.96"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836143/; classtype:trojan-activity;sid:83699243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836144)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.97.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836144/; classtype:trojan-activity;sid:83699244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836142)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.101.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836142/; classtype:trojan-activity;sid:83699242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836141)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.219.45.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836141/; classtype:trojan-activity;sid:83699241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836140)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.101.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836140/; classtype:trojan-activity;sid:83699240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836138)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.206.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836138/; classtype:trojan-activity;sid:83699238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836139)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.205.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836139/; classtype:trojan-activity;sid:83699239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836137)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.146.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836137/; classtype:trojan-activity;sid:83699237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836136)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.28.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836136/; classtype:trojan-activity;sid:83699236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836135)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.56.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836135/; classtype:trojan-activity;sid:83699235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836134)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.134.34.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836134/; classtype:trojan-activity;sid:83699234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836133)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/xi0tpaxhgmsm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"pasteio.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836133/; classtype:trojan-activity;sid:83699233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836132)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.33.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836132/; classtype:trojan-activity;sid:83699232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836130)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.240.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836130/; classtype:trojan-activity;sid:83699230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836131)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.48.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836131/; classtype:trojan-activity;sid:83699231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836129)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.27.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836129/; classtype:trojan-activity;sid:83699229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836128)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.172.29.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836128/; classtype:trojan-activity;sid:83699228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836127)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.91.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836127/; classtype:trojan-activity;sid:83699227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836126)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.109.158.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836126/; classtype:trojan-activity;sid:83699226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836124)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.45.228"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836124/; classtype:trojan-activity;sid:83699224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836125)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.27.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836125/; classtype:trojan-activity;sid:83699225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836123)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.251.177.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836123/; classtype:trojan-activity;sid:83699223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836122)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.183.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836122/; classtype:trojan-activity;sid:83699222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836121)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"122.159.62.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836121/; classtype:trojan-activity;sid:83699221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836120)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.85.109"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836120/; classtype:trojan-activity;sid:83699220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836119)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.134.34.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836119/; classtype:trojan-activity;sid:83699219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836118)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.172.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836118/; classtype:trojan-activity;sid:83699218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836117)"; flow:established,from_client; content:"GET"; http_method; content:"/file.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"pedomane.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836117/; classtype:trojan-activity;sid:83699217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836116)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.117.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836116/; classtype:trojan-activity;sid:83699216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836115)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.19.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836115/; classtype:trojan-activity;sid:83699215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836114)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.214.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836114/; classtype:trojan-activity;sid:83699214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836113)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.245.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836113/; classtype:trojan-activity;sid:83699213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836112)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.55.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836112/; classtype:trojan-activity;sid:83699212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836111)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.252.172.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836111/; classtype:trojan-activity;sid:83699211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836110)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.11.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836110/; classtype:trojan-activity;sid:83699210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836109)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"90.159.4.179"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836109/; classtype:trojan-activity;sid:83699209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836108)"; flow:established,from_client; content:"GET"; http_method; content:"/doc5294803_669205597|3f|hash=gvgfmtmhx0w7b0f0tafixxfkgcgl5ub1ycurzh7vqnw|7c|26|7c|dl=qy5lfjqle5uhgj3tpbakk0wyjkdgycbjnmy2055r708|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836108/; classtype:trojan-activity;sid:83699208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836107)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.59.152.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836107/; classtype:trojan-activity;sid:83699207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836106)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.85.109"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836106/; classtype:trojan-activity;sid:83699206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836105)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.204.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836105/; classtype:trojan-activity;sid:83699205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836104)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.181.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836104/; classtype:trojan-activity;sid:83699204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836103)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.172.29.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836103/; classtype:trojan-activity;sid:83699203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836102)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.238.223.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836102/; classtype:trojan-activity;sid:83699202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836101)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.241.19.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836101/; classtype:trojan-activity;sid:83699201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836100)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.59.152.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836100/; classtype:trojan-activity;sid:83699200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836099)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.191.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836099/; classtype:trojan-activity;sid:83699199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836098)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.18.69.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836098/; classtype:trojan-activity;sid:83699198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836097)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.164.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836097/; classtype:trojan-activity;sid:83699197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836096)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.181.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836096/; classtype:trojan-activity;sid:83699196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836095)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.58.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836095/; classtype:trojan-activity;sid:83699195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836094)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.249.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836094/; classtype:trojan-activity;sid:83699194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836093)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.208.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836093/; classtype:trojan-activity;sid:83699193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836092)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"90.159.4.179"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836092/; classtype:trojan-activity;sid:83699192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836091)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.130.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836091/; classtype:trojan-activity;sid:83699191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836090)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.69.75.189"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836090/; classtype:trojan-activity;sid:83699190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836089)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.249.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836089/; classtype:trojan-activity;sid:83699189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836088)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.21.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836088/; classtype:trojan-activity;sid:83699188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836085)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.74.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836085/; classtype:trojan-activity;sid:83699185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836086)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.211.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836086/; classtype:trojan-activity;sid:83699186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836087)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.235.45.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836087/; classtype:trojan-activity;sid:83699187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836084)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.187.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836084/; classtype:trojan-activity;sid:83699184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836083)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.58.193.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836083/; classtype:trojan-activity;sid:83699183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836082)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.205.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836082/; classtype:trojan-activity;sid:83699182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836081)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.244.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836081/; classtype:trojan-activity;sid:83699181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836080)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.196.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836080/; classtype:trojan-activity;sid:83699180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836079)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.69.75.189"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836079/; classtype:trojan-activity;sid:83699179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836078)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.248.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836078/; classtype:trojan-activity;sid:83699178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836077)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.197.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836077/; classtype:trojan-activity;sid:83699177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836076)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.211.183.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836076/; classtype:trojan-activity;sid:83699176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836075)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.208.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836075/; classtype:trojan-activity;sid:83699175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836073)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.201.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836073/; classtype:trojan-activity;sid:83699173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836074)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.198.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836074/; classtype:trojan-activity;sid:83699174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836072)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.33.42.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836072/; classtype:trojan-activity;sid:83699172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836071)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.204.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836071/; classtype:trojan-activity;sid:83699171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836070)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.184.29.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836070/; classtype:trojan-activity;sid:83699170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836069)"; flow:established,from_client; content:"GET"; http_method; content:"/editcontent"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"kkcmk.demo.betterbuiltdogs.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836069/; classtype:trojan-activity;sid:83699169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836068)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.235.45.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836068/; classtype:trojan-activity;sid:83699168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836067)"; flow:established,from_client; content:"GET"; http_method; content:"/doc5294803_669204032|3f|hash=zqqoetxzryzwab3andqt1tim9tr2ws3n7rhywxlxo1h|7c|26|7c|dl=tmzbgjr3cazs2rytafpmkezzepvktrdex40hxspdxto|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836067/; classtype:trojan-activity;sid:83699167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836066)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.176.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836066/; classtype:trojan-activity;sid:83699166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836065)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/xkmer5ygtxja"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"pasteio.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836065/; classtype:trojan-activity;sid:83699165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836064)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.2.108.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836064/; classtype:trojan-activity;sid:83699164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836063)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.207.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836063/; classtype:trojan-activity;sid:83699163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836062)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.196.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836062/; classtype:trojan-activity;sid:83699162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836061)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.203.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836061/; classtype:trojan-activity;sid:83699161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836060)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.178.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836060/; classtype:trojan-activity;sid:83699160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836059)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.229.182.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836059/; classtype:trojan-activity;sid:83699159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836058)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.248.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836058/; classtype:trojan-activity;sid:83699158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836057)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.211.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836057/; classtype:trojan-activity;sid:83699157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836056)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.181.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836056/; classtype:trojan-activity;sid:83699156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836055)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.28.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836055/; classtype:trojan-activity;sid:83699155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836054)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.211.183.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836054/; classtype:trojan-activity;sid:83699154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836053)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.122.239.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836053/; classtype:trojan-activity;sid:83699153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836052)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.225.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836052/; classtype:trojan-activity;sid:83699152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836051)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.70.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836051/; classtype:trojan-activity;sid:83699151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836050)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.192.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836050/; classtype:trojan-activity;sid:83699150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836046)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.72.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836046/; classtype:trojan-activity;sid:83699146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836047)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.198.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836047/; classtype:trojan-activity;sid:83699147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836048)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.163.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836048/; classtype:trojan-activity;sid:83699148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836049)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.184.29.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836049/; classtype:trojan-activity;sid:83699149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836045)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.187.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836045/; classtype:trojan-activity;sid:83699145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836044)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.8.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836044/; classtype:trojan-activity;sid:83699144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836043)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.83.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836043/; classtype:trojan-activity;sid:83699143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836042)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.173.72.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836042/; classtype:trojan-activity;sid:83699142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836041)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.238.67.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836041/; classtype:trojan-activity;sid:83699141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836040)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.30.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836040/; classtype:trojan-activity;sid:83699140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836039)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.94.31.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836039/; classtype:trojan-activity;sid:83699139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836038)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.178.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836038/; classtype:trojan-activity;sid:83699138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836037)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.56.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836037/; classtype:trojan-activity;sid:83699137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836036)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.102.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836036/; classtype:trojan-activity;sid:83699136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836035)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.181.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836035/; classtype:trojan-activity;sid:83699135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836033)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.200.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836033/; classtype:trojan-activity;sid:83699133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836034)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.8.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836034/; classtype:trojan-activity;sid:83699134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836032)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.88.108.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836032/; classtype:trojan-activity;sid:83699132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836031)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.67.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836031/; classtype:trojan-activity;sid:83699131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836030)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.122.239.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836030/; classtype:trojan-activity;sid:83699130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836029)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.163.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836029/; classtype:trojan-activity;sid:83699129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836028)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.251.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836028/; classtype:trojan-activity;sid:83699128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836027)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.134.175.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836027/; classtype:trojan-activity;sid:83699127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836026)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.51.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836026/; classtype:trojan-activity;sid:83699126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836025)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.245.255.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836025/; classtype:trojan-activity;sid:83699125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836024)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.94.31.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836024/; classtype:trojan-activity;sid:83699124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836023)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.92.144.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836023/; classtype:trojan-activity;sid:83699123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836022)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.102.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836022/; classtype:trojan-activity;sid:83699122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836021)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.245.255.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836021/; classtype:trojan-activity;sid:83699121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836020)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.251.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836020/; classtype:trojan-activity;sid:83699120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836019)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.210.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836019/; classtype:trojan-activity;sid:83699119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836018)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.178.83.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836018/; classtype:trojan-activity;sid:83699118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836017)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.237.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836017/; classtype:trojan-activity;sid:83699117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836015)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.56.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836015/; classtype:trojan-activity;sid:83699115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836016)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.92.144.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836016/; classtype:trojan-activity;sid:83699116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836014)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.227.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836014/; classtype:trojan-activity;sid:83699114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836013)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.170.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836013/; classtype:trojan-activity;sid:83699113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836011)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.34.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836011/; classtype:trojan-activity;sid:83699111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836012)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.241.227.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836012/; classtype:trojan-activity;sid:83699112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836010)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.238.83.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836010/; classtype:trojan-activity;sid:83699110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836009)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.200.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836009/; classtype:trojan-activity;sid:83699109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836007)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.69.155.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836007/; classtype:trojan-activity;sid:83699107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836008)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.231.251.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836008/; classtype:trojan-activity;sid:83699108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836006)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.210.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836006/; classtype:trojan-activity;sid:83699106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836005)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.178.83.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836005/; classtype:trojan-activity;sid:83699105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836004)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.10.12.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836004/; classtype:trojan-activity;sid:83699104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836002)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/xmmhxgu4rhxy"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"pasteio.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836002/; classtype:trojan-activity;sid:83699102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836003)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/xgqzcc9lz5ad"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"pasteio.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836003/; classtype:trojan-activity;sid:83699103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836001)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.199.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836001/; classtype:trojan-activity;sid:83699101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2836000)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.28.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2836000/; classtype:trojan-activity;sid:83699100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835999)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.129.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835999/; classtype:trojan-activity;sid:83699099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835998)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.56.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835998/; classtype:trojan-activity;sid:83699098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835997)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.231.251.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835997/; classtype:trojan-activity;sid:83699097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835996)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.240.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835996/; classtype:trojan-activity;sid:83699096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835995)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.227.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835995/; classtype:trojan-activity;sid:83699095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835994)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.158.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835994/; classtype:trojan-activity;sid:83699094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835993)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.63.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835993/; classtype:trojan-activity;sid:83699093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835992)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.61.224"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835992/; classtype:trojan-activity;sid:83699092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835991)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.175.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835991/; classtype:trojan-activity;sid:83699091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835990)"; flow:established,from_client; content:"GET"; http_method; content:"/game/index.php"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"house-rm.ru"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835990/; classtype:trojan-activity;sid:83699090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835989)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.19.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835989/; classtype:trojan-activity;sid:83699089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835987)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.58.121.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835987/; classtype:trojan-activity;sid:83699087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835988)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.28.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835988/; classtype:trojan-activity;sid:83699088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835986)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.180.162.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835986/; classtype:trojan-activity;sid:83699086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835983)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.228.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835983/; classtype:trojan-activity;sid:83699083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835984)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.196.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835984/; classtype:trojan-activity;sid:83699084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835985)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.166.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835985/; classtype:trojan-activity;sid:83699085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835982)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.7.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835982/; classtype:trojan-activity;sid:83699082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835981)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.205.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835981/; classtype:trojan-activity;sid:83699081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835978)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.131.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835978/; classtype:trojan-activity;sid:83699078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835979)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.229.232.255"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835979/; classtype:trojan-activity;sid:83699079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835980)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.181.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835980/; classtype:trojan-activity;sid:83699080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835977)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.113.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835977/; classtype:trojan-activity;sid:83699077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835976)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.180.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835976/; classtype:trojan-activity;sid:83699076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835975)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.180.162.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835975/; classtype:trojan-activity;sid:83699075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835974)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.158.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835974/; classtype:trojan-activity;sid:83699074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835973)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.15.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835973/; classtype:trojan-activity;sid:83699073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835971)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.188.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835971/; classtype:trojan-activity;sid:83699071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835972)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.19.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835972/; classtype:trojan-activity;sid:83699072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835970)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"191.53.218.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835970/; classtype:trojan-activity;sid:83699070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835969)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.254.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835969/; classtype:trojan-activity;sid:83699069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835968)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.166.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835968/; classtype:trojan-activity;sid:83699068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835967)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.166.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835967/; classtype:trojan-activity;sid:83699067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835966)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.71.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835966/; classtype:trojan-activity;sid:83699066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835965)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.43.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835965/; classtype:trojan-activity;sid:83699065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835964)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.152.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835964/; classtype:trojan-activity;sid:83699064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835961)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.131.212.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835961/; classtype:trojan-activity;sid:83699061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835962)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.217.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835962/; classtype:trojan-activity;sid:83699062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835963)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.15.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835963/; classtype:trojan-activity;sid:83699063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835960)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.33.94.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835960/; classtype:trojan-activity;sid:83699060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835959)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.138.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835959/; classtype:trojan-activity;sid:83699059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835955)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.70.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835955/; classtype:trojan-activity;sid:83699055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835956)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.33.43.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835956/; classtype:trojan-activity;sid:83699056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835957)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.119.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835957/; classtype:trojan-activity;sid:83699057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835958)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.151.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835958/; classtype:trojan-activity;sid:83699058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835954)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.47.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835954/; classtype:trojan-activity;sid:83699054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835953)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.31.67.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835953/; classtype:trojan-activity;sid:83699053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835952)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.250.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835952/; classtype:trojan-activity;sid:83699052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835951)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.71.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835951/; classtype:trojan-activity;sid:83699051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835950)"; flow:established,from_client; content:"GET"; http_method; content:"/editcontent"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"ixvj.catching.fishingrealinvestments.com"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835950/; classtype:trojan-activity;sid:83699050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835949)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.194.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835949/; classtype:trojan-activity;sid:83699049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835948)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.37.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835948/; classtype:trojan-activity;sid:83699048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835947)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.194.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835947/; classtype:trojan-activity;sid:83699047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835945)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.43.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835945/; classtype:trojan-activity;sid:83699045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835946)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.186.40.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835946/; classtype:trojan-activity;sid:83699046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835944)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.118.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835944/; classtype:trojan-activity;sid:83699044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835943)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.217.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835943/; classtype:trojan-activity;sid:83699043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835942)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.196.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835942/; classtype:trojan-activity;sid:83699042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835941)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.224.246.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835941/; classtype:trojan-activity;sid:83699041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835940)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.74.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835940/; classtype:trojan-activity;sid:83699040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835939)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.250.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835939/; classtype:trojan-activity;sid:83699039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835938)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.94.31.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835938/; classtype:trojan-activity;sid:83699038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835937)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.218.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835937/; classtype:trojan-activity;sid:83699037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835936)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.170.49.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835936/; classtype:trojan-activity;sid:83699036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835934)"; flow:established,from_client; content:"GET"; http_method; content:"/.sarm7"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"167.172.105.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835934/; classtype:trojan-activity;sid:83699034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835935)"; flow:established,from_client; content:"GET"; http_method; content:"/.sarm"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"167.172.105.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835935/; classtype:trojan-activity;sid:83699035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835933)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.74.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835933/; classtype:trojan-activity;sid:83699033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835932)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.244.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835932/; classtype:trojan-activity;sid:83699032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835931)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.196.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835931/; classtype:trojan-activity;sid:83699031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835930)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.204.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835930/; classtype:trojan-activity;sid:83699030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835929)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.69.155.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835929/; classtype:trojan-activity;sid:83699029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835928)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.236.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835928/; classtype:trojan-activity;sid:83699028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835927)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.118.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835927/; classtype:trojan-activity;sid:83699027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835926)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.57.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835926/; classtype:trojan-activity;sid:83699026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835925)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.117.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835925/; classtype:trojan-activity;sid:83699025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835924)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.24.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835924/; classtype:trojan-activity;sid:83699024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835923)"; flow:established,from_client; content:"GET"; http_method; content:"/xpmumnkrmzynrk242.bin"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"enelltd.top"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835923/; classtype:trojan-activity;sid:83699023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835922)"; flow:established,from_client; content:"GET"; http_method; content:"/get/ef2ic/build22.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"transfer.adttemp.com.br"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835922/; classtype:trojan-activity;sid:83699022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835921)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.57.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835921/; classtype:trojan-activity;sid:83699021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835920)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.31.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835920/; classtype:trojan-activity;sid:83699020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835919)"; flow:established,from_client; content:"GET"; http_method; content:"/editcontent"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"ojug.demo.betterbuiltdogs.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835919/; classtype:trojan-activity;sid:83699019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835918)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.232.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835918/; classtype:trojan-activity;sid:83699018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835917)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.24.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835917/; classtype:trojan-activity;sid:83699017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835916)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.189.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835916/; classtype:trojan-activity;sid:83699016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835915)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.253.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835915/; classtype:trojan-activity;sid:83699015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835914)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.62.76.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835914/; classtype:trojan-activity;sid:83699014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835913)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.95.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835913/; classtype:trojan-activity;sid:83699013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835912)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.206.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835912/; classtype:trojan-activity;sid:83699012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835911)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.106.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835911/; classtype:trojan-activity;sid:83699011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835910)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.80.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835910/; classtype:trojan-activity;sid:83699010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835909)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.214.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835909/; classtype:trojan-activity;sid:83699009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835908)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.232.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835908/; classtype:trojan-activity;sid:83699008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835907)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.76.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835907/; classtype:trojan-activity;sid:83699007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835906)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.80.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835906/; classtype:trojan-activity;sid:83699006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835905)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.0.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835905/; classtype:trojan-activity;sid:83699005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835904)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.112.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835904/; classtype:trojan-activity;sid:83699004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835903)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.68.158"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835903/; classtype:trojan-activity;sid:83699003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835902)"; flow:established,from_client; content:"GET"; http_method; content:"/doc5294803_669191683|3f|hash=kgc2v40zrx8qex51avaygvlsrnanpkezj8ayjho8icx|7c|26|7c|dl=b6q8yxpseafzvu9jjbfn1a3csaifqq9bl2nhqazfqxt|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835902/; classtype:trojan-activity;sid:83699002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835900)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.164.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835900/; classtype:trojan-activity;sid:83699000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835901)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.24.32.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835901/; classtype:trojan-activity;sid:83699001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835894)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.34.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835894/; classtype:trojan-activity;sid:83698994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835895)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.214.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835895/; classtype:trojan-activity;sid:83698995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835896)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.68.158"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835896/; classtype:trojan-activity;sid:83698996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835897)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.148.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835897/; classtype:trojan-activity;sid:83698997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835898)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.30.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835898/; classtype:trojan-activity;sid:83698998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835899)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.66.220"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835899/; classtype:trojan-activity;sid:83698999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835885)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.108.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835885/; classtype:trojan-activity;sid:83698985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835886)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.31.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835886/; classtype:trojan-activity;sid:83698986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835887)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.145.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835887/; classtype:trojan-activity;sid:83698987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835888)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.34.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835888/; classtype:trojan-activity;sid:83698988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835889)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.145.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835889/; classtype:trojan-activity;sid:83698989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835890)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.203.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835890/; classtype:trojan-activity;sid:83698990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835891)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.53.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835891/; classtype:trojan-activity;sid:83698991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835892)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.53.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835892/; classtype:trojan-activity;sid:83698992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835893)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.112.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835893/; classtype:trojan-activity;sid:83698993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835878)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.194.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835878/; classtype:trojan-activity;sid:83698978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835879)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.194.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835879/; classtype:trojan-activity;sid:83698979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835880)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.240.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835880/; classtype:trojan-activity;sid:83698980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835881)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.96.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835881/; classtype:trojan-activity;sid:83698981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835882)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.15.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835882/; classtype:trojan-activity;sid:83698982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835883)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.96.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835883/; classtype:trojan-activity;sid:83698983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835884)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.229.212.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835884/; classtype:trojan-activity;sid:83698984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835877)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.70.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835877/; classtype:trojan-activity;sid:83698977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835876)"; flow:established,from_client; content:"GET"; http_method; content:"/82.apk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.147.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835876/; classtype:trojan-activity;sid:83698976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835875)"; flow:established,from_client; content:"GET"; http_method; content:"/85.apk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.27.175"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835875/; classtype:trojan-activity;sid:83698975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835874)"; flow:established,from_client; content:"GET"; http_method; content:"/83.apk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.27.175"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835874/; classtype:trojan-activity;sid:83698974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835873)"; flow:established,from_client; content:"GET"; http_method; content:"/85.apk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.144.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835873/; classtype:trojan-activity;sid:83698973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835872)"; flow:established,from_client; content:"GET"; http_method; content:"/86.apk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.145.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835872/; classtype:trojan-activity;sid:83698972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835871)"; flow:established,from_client; content:"GET"; http_method; content:"/86.apk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.27.175"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835871/; classtype:trojan-activity;sid:83698971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835870)"; flow:established,from_client; content:"GET"; http_method; content:"/daemon_v2.3301.apk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"113.228.147.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835870/; classtype:trojan-activity;sid:83698970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835869)"; flow:established,from_client; content:"GET"; http_method; content:"/85.apk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.147.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835869/; classtype:trojan-activity;sid:83698969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835868)"; flow:established,from_client; content:"GET"; http_method; content:"/85.apk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.147.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835868/; classtype:trojan-activity;sid:83698968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835867)"; flow:established,from_client; content:"GET"; http_method; content:"/85.apk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.144.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835867/; classtype:trojan-activity;sid:83698967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835866)"; flow:established,from_client; content:"GET"; http_method; content:"/85.apk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.145.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835866/; classtype:trojan-activity;sid:83698966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835865)"; flow:established,from_client; content:"GET"; http_method; content:"/83.apk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.147.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835865/; classtype:trojan-activity;sid:83698965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835864)"; flow:established,from_client; content:"GET"; http_method; content:"/83.apk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.147.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835864/; classtype:trojan-activity;sid:83698964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835863)"; flow:established,from_client; content:"GET"; http_method; content:"/daemon_v2.3301.apk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"113.228.144.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835863/; classtype:trojan-activity;sid:83698963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835861)"; flow:established,from_client; content:"GET"; http_method; content:"/82.apk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.145.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835861/; classtype:trojan-activity;sid:83698961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835862)"; flow:established,from_client; content:"GET"; http_method; content:"/82.apk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.147.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835862/; classtype:trojan-activity;sid:83698962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835860)"; flow:established,from_client; content:"GET"; http_method; content:"/86.apk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.144.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835860/; classtype:trojan-activity;sid:83698960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835859)"; flow:established,from_client; content:"GET"; http_method; content:"/84.apk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.144.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835859/; classtype:trojan-activity;sid:83698959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835858)"; flow:established,from_client; content:"GET"; http_method; content:"/84.apk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.144.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835858/; classtype:trojan-activity;sid:83698958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835857)"; flow:established,from_client; content:"GET"; http_method; content:"/83.apk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.144.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835857/; classtype:trojan-activity;sid:83698957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835856)"; flow:established,from_client; content:"GET"; http_method; content:"/82.apk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.144.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835856/; classtype:trojan-activity;sid:83698956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835855)"; flow:established,from_client; content:"GET"; http_method; content:"/daemon_v2.3301.apk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"42.57.27.175"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835855/; classtype:trojan-activity;sid:83698955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835854)"; flow:established,from_client; content:"GET"; http_method; content:"/83.apk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.144.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835854/; classtype:trojan-activity;sid:83698954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835853)"; flow:established,from_client; content:"GET"; http_method; content:"/86.apk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.144.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835853/; classtype:trojan-activity;sid:83698953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835852)"; flow:established,from_client; content:"GET"; http_method; content:"/84.apk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.147.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835852/; classtype:trojan-activity;sid:83698952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835851)"; flow:established,from_client; content:"GET"; http_method; content:"/84.apk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.145.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835851/; classtype:trojan-activity;sid:83698951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835850)"; flow:established,from_client; content:"GET"; http_method; content:"/82.apk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.144.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835850/; classtype:trojan-activity;sid:83698950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835849)"; flow:established,from_client; content:"GET"; http_method; content:"/86.apk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.147.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835849/; classtype:trojan-activity;sid:83698949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835848)"; flow:established,from_client; content:"GET"; http_method; content:"/86.apk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.147.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835848/; classtype:trojan-activity;sid:83698948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835847)"; flow:established,from_client; content:"GET"; http_method; content:"/84.apk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.147.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835847/; classtype:trojan-activity;sid:83698947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835846)"; flow:established,from_client; content:"GET"; http_method; content:"/82.apk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.27.175"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835846/; classtype:trojan-activity;sid:83698946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835845)"; flow:established,from_client; content:"GET"; http_method; content:"/83.apk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.145.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835845/; classtype:trojan-activity;sid:83698945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835841)"; flow:established,from_client; content:"GET"; http_method; content:"/82.apk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.217.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835841/; classtype:trojan-activity;sid:83698941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835842)"; flow:established,from_client; content:"GET"; http_method; content:"/86.apk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.217.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835842/; classtype:trojan-activity;sid:83698942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835843)"; flow:established,from_client; content:"GET"; http_method; content:"/84.apk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.217.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835843/; classtype:trojan-activity;sid:83698943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835844)"; flow:established,from_client; content:"GET"; http_method; content:"/85.apk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.217.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835844/; classtype:trojan-activity;sid:83698944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835840)"; flow:established,from_client; content:"GET"; http_method; content:"/83.apk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.217.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835840/; classtype:trojan-activity;sid:83698940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835839)"; flow:established,from_client; content:"GET"; http_method; content:"/mm.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"167.71.205.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835839/; classtype:trojan-activity;sid:83698939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835838)"; flow:established,from_client; content:"GET"; http_method; content:"/ant.txt"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.156.79.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835838/; classtype:trojan-activity;sid:83698938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835837)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.82.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835837/; classtype:trojan-activity;sid:83698937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835835)"; flow:established,from_client; content:"GET"; http_method; content:"/84.apk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.27.175"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835835/; classtype:trojan-activity;sid:83698935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835836)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.105.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835836/; classtype:trojan-activity;sid:83698936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835834)"; flow:established,from_client; content:"GET"; http_method; content:"/r"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.216.70.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835834/; classtype:trojan-activity;sid:83698934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835830)"; flow:established,from_client; content:"GET"; http_method; content:"/mm.elf"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"167.71.205.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835830/; classtype:trojan-activity;sid:83698930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835831)"; flow:established,from_client; content:"GET"; http_method; content:"/mm2.elf"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"167.71.205.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835831/; classtype:trojan-activity;sid:83698931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835832)"; flow:established,from_client; content:"GET"; http_method; content:"/sessions"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"167.71.205.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835832/; classtype:trojan-activity;sid:83698932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835833)"; flow:established,from_client; content:"GET"; http_method; content:"/83.apk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.18.118.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835833/; classtype:trojan-activity;sid:83698933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835829)"; flow:established,from_client; content:"GET"; http_method; content:"/v.txt"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"94.156.79.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835829/; classtype:trojan-activity;sid:83698929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835827)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.86.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835827/; classtype:trojan-activity;sid:83698927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835828)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.194.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835828/; classtype:trojan-activity;sid:83698928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835825)"; flow:established,from_client; content:"GET"; http_method; content:"/mm2.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"167.71.205.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835825/; classtype:trojan-activity;sid:83698925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835826)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.35.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835826/; classtype:trojan-activity;sid:83698926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835824)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.189.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835824/; classtype:trojan-activity;sid:83698924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835823)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.216.70.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835823/; classtype:trojan-activity;sid:83698923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835822)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.178.80.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835822/; classtype:trojan-activity;sid:83698922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835821)"; flow:established,from_client; content:"GET"; http_method; content:"/ib4.jpg"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.156.79.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835821/; classtype:trojan-activity;sid:83698921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835819)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.86.169.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835819/; classtype:trojan-activity;sid:83698919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835820)"; flow:established,from_client; content:"GET"; http_method; content:"/mtls.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"167.71.205.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835820/; classtype:trojan-activity;sid:83698920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835818)"; flow:established,from_client; content:"GET"; http_method; content:"/9020/beautifulrosepictureforcuple.gif"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"107.175.242.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835818/; classtype:trojan-activity;sid:83698918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835817)"; flow:established,from_client; content:"GET"; http_method; content:"/85.apk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.18.118.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835817/; classtype:trojan-activity;sid:83698917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835815)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/xa6niqxa4ivt"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"pasteio.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835815/; classtype:trojan-activity;sid:83698915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835816)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.78.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835816/; classtype:trojan-activity;sid:83698916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835814)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.213.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835814/; classtype:trojan-activity;sid:83698914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835813)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.212.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835813/; classtype:trojan-activity;sid:83698913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835807)"; flow:established,from_client; content:"GET"; http_method; content:"/82.apk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.18.118.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835807/; classtype:trojan-activity;sid:83698907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835808)"; flow:established,from_client; content:"GET"; http_method; content:"/hsts.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"167.71.205.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835808/; classtype:trojan-activity;sid:83698908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835809)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.35.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835809/; classtype:trojan-activity;sid:83698909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835810)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.80.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835810/; classtype:trojan-activity;sid:83698910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835811)"; flow:established,from_client; content:"GET"; http_method; content:"/84.apk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.18.118.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835811/; classtype:trojan-activity;sid:83698911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835812)"; flow:established,from_client; content:"GET"; http_method; content:"/backup/project/"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"heko.ro"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835812/; classtype:trojan-activity;sid:83698912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835805)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.5.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835805/; classtype:trojan-activity;sid:83698905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835806)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.54.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835806/; classtype:trojan-activity;sid:83698906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835804)"; flow:established,from_client; content:"GET"; http_method; content:"/86.apk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.18.118.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835804/; classtype:trojan-activity;sid:83698904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835800)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.231.217.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835800/; classtype:trojan-activity;sid:83698900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835801)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.151.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835801/; classtype:trojan-activity;sid:83698901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835802)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/xwuiws01uiwz"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"pasteio.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835802/; classtype:trojan-activity;sid:83698902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835803)"; flow:established,from_client; content:"GET"; http_method; content:"/daemon_v2.3301.apk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"60.18.118.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835803/; classtype:trojan-activity;sid:83698903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835797)"; flow:established,from_client; content:"GET"; http_method; content:"/het.jpg"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"85.239.240.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835797/; classtype:trojan-activity;sid:83698897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835798)"; flow:established,from_client; content:"GET"; http_method; content:"/gdd3.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"198.12.81.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835798/; classtype:trojan-activity;sid:83698898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835799)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.196.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835799/; classtype:trojan-activity;sid:83698899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835795)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/images/images/img.jpg"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"totalhorsehealth.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835795/; classtype:trojan-activity;sid:83698895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835796)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.105.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835796/; classtype:trojan-activity;sid:83698896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835794)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.136.88.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835794/; classtype:trojan-activity;sid:83698894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835793)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.215.205.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835793/; classtype:trojan-activity;sid:83698893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835790)"; flow:established,from_client; content:"GET"; http_method; content:"/85.apk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.218.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835790/; classtype:trojan-activity;sid:83698890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835791)"; flow:established,from_client; content:"GET"; http_method; content:"/backgroundremover-setup.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"lallavedelajuderia.es"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835791/; classtype:trojan-activity;sid:83698891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835792)"; flow:established,from_client; content:"GET"; http_method; content:"/9020/kbo/beautifulroseipictureiseenitsshowingasabeautifulflowerwhichcomingfromtheworldanditsshowinghowbeautiful___sheiswhenthatroseonhairbeautiful.doc"; http_uri; depth:151; isdataat:!1,relative; nocase; content:"107.175.242.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835792/; classtype:trojan-activity;sid:83698892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835789)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.206.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835789/; classtype:trojan-activity;sid:83698889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835788)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.252.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835788/; classtype:trojan-activity;sid:83698888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835787)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.222.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835787/; classtype:trojan-activity;sid:83698887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835784)"; flow:established,from_client; content:"GET"; http_method; content:"/flash.cn.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"152.136.35.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835784/; classtype:trojan-activity;sid:83698884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835785)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.34.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835785/; classtype:trojan-activity;sid:83698885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835786)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.206.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835786/; classtype:trojan-activity;sid:83698886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835783)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.223.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835783/; classtype:trojan-activity;sid:83698883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835781)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.41.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835781/; classtype:trojan-activity;sid:83698881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835782)"; flow:established,from_client; content:"GET"; http_method; content:"/i4.txt"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.156.79.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835782/; classtype:trojan-activity;sid:83698882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835780)"; flow:established,from_client; content:"GET"; http_method; content:"/83.apk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.218.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835780/; classtype:trojan-activity;sid:83698880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835776)"; flow:established,from_client; content:"GET"; http_method; content:"/x.txt"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"94.156.79.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835776/; classtype:trojan-activity;sid:83698876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835777)"; flow:established,from_client; content:"GET"; http_method; content:"/9020/kbff.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"107.175.242.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835777/; classtype:trojan-activity;sid:83698877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835778)"; flow:established,from_client; content:"GET"; http_method; content:"/fucked.txt"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"85.239.240.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835778/; classtype:trojan-activity;sid:83698878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835779)"; flow:established,from_client; content:"GET"; http_method; content:"/x.jpg"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"198.12.81.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835779/; classtype:trojan-activity;sid:83698879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835775)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.11.182"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835775/; classtype:trojan-activity;sid:83698875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835769)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.27.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835769/; classtype:trojan-activity;sid:83698869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835770)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.10.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835770/; classtype:trojan-activity;sid:83698870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835771)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.136.88.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835771/; classtype:trojan-activity;sid:83698871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835772)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.149.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835772/; classtype:trojan-activity;sid:83698872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835773)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.149.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835773/; classtype:trojan-activity;sid:83698873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835774)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.178.80.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835774/; classtype:trojan-activity;sid:83698874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835763)"; flow:established,from_client; content:"GET"; http_method; content:"/whqwpyhkpfairrmb.jpg"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"104.243.38.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835763/; classtype:trojan-activity;sid:83698863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835764)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.151.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835764/; classtype:trojan-activity;sid:83698864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835765)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.86.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835765/; classtype:trojan-activity;sid:83698865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835766)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.241.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835766/; classtype:trojan-activity;sid:83698866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835767)"; flow:established,from_client; content:"GET"; http_method; content:"/d/0fq71"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"paste.ee"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835767/; classtype:trojan-activity;sid:83698867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835768)"; flow:established,from_client; content:"GET"; http_method; content:"/4ib.jpg"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.156.79.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835768/; classtype:trojan-activity;sid:83698868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835760)"; flow:established,from_client; content:"GET"; http_method; content:"/wgaltypqicmixdhx.txt"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"104.243.38.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835760/; classtype:trojan-activity;sid:83698860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835761)"; flow:established,from_client; content:"GET"; http_method; content:"/44.txt"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"198.12.81.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835761/; classtype:trojan-activity;sid:83698861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835762)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.50.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835762/; classtype:trojan-activity;sid:83698862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835758)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.216.70.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835758/; classtype:trojan-activity;sid:83698858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835759)"; flow:established,from_client; content:"GET"; http_method; content:"/go.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.216.70.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835759/; classtype:trojan-activity;sid:83698859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835755)"; flow:established,from_client; content:"GET"; http_method; content:"/82.apk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.218.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835755/; classtype:trojan-activity;sid:83698855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835756)"; flow:established,from_client; content:"GET"; http_method; content:"/84.apk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.218.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835756/; classtype:trojan-activity;sid:83698856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835757)"; flow:established,from_client; content:"GET"; http_method; content:"/86.apk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.218.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835757/; classtype:trojan-activity;sid:83698857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835754)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2812%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"42.57.27.175"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835754/; classtype:trojan-activity;sid:83698854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835753)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2818%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"113.228.147.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835753/; classtype:trojan-activity;sid:83698853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835752)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2820%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"113.228.145.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835752/; classtype:trojan-activity;sid:83698852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835751)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2811%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"113.228.144.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835751/; classtype:trojan-activity;sid:83698851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835750)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%289%29.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"42.57.217.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835750/; classtype:trojan-activity;sid:83698850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835749)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2819%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"42.57.217.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835749/; classtype:trojan-activity;sid:83698849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835748)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%288%29.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"113.228.145.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835748/; classtype:trojan-activity;sid:83698848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835747)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%289%29.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"113.228.144.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835747/; classtype:trojan-activity;sid:83698847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835746)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2820%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"42.57.27.175"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835746/; classtype:trojan-activity;sid:83698846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835745)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2815%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"113.228.147.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835745/; classtype:trojan-activity;sid:83698845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835744)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%289%29.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"113.228.147.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835744/; classtype:trojan-activity;sid:83698844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835743)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2818%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"113.228.147.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835743/; classtype:trojan-activity;sid:83698843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835742)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2812%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"113.228.147.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835742/; classtype:trojan-activity;sid:83698842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835741)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2816%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"42.57.27.175"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835741/; classtype:trojan-activity;sid:83698841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835740)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2817%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"113.228.147.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835740/; classtype:trojan-activity;sid:83698840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835739)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%288%29.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"42.57.217.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835739/; classtype:trojan-activity;sid:83698839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835738)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2815%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"42.57.217.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835738/; classtype:trojan-activity;sid:83698838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835737)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%289%29.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"113.228.147.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835737/; classtype:trojan-activity;sid:83698837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835736)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2811%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"42.57.27.175"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835736/; classtype:trojan-activity;sid:83698836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835735)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2813%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"113.228.145.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835735/; classtype:trojan-activity;sid:83698835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835734)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2811%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"113.228.145.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835734/; classtype:trojan-activity;sid:83698834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835733)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2817%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"113.228.147.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835733/; classtype:trojan-activity;sid:83698833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835732)"; flow:established,from_client; content:"GET"; http_method; content:"/daemon_v2.3301.apk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"42.57.217.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835732/; classtype:trojan-activity;sid:83698832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835731)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2817%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"113.228.145.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835731/; classtype:trojan-activity;sid:83698831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835730)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2818%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"42.57.217.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835730/; classtype:trojan-activity;sid:83698830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835729)"; flow:established,from_client; content:"GET"; http_method; content:"/daemon_v2.3301.apk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"113.228.147.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835729/; classtype:trojan-activity;sid:83698829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835728)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%288%29.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"113.228.144.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835728/; classtype:trojan-activity;sid:83698828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835727)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2815%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"113.228.144.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835727/; classtype:trojan-activity;sid:83698827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835726)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2811%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"113.228.147.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835726/; classtype:trojan-activity;sid:83698826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835725)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2817%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"113.228.144.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835725/; classtype:trojan-activity;sid:83698825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835724)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2812%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"113.228.145.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835724/; classtype:trojan-activity;sid:83698824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835723)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2813%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"113.228.147.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835723/; classtype:trojan-activity;sid:83698823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835722)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2812%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"42.57.217.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835722/; classtype:trojan-activity;sid:83698822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835721)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2811%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"113.228.147.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835721/; classtype:trojan-activity;sid:83698821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835719)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2813%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"113.228.144.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835719/; classtype:trojan-activity;sid:83698819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835720)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2814%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"113.228.144.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835720/; classtype:trojan-activity;sid:83698820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835718)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2819%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"113.228.144.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835718/; classtype:trojan-activity;sid:83698818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835717)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2819%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"42.57.27.175"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835717/; classtype:trojan-activity;sid:83698817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835716)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2816%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"113.228.147.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835716/; classtype:trojan-activity;sid:83698816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835715)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2813%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"60.18.118.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835715/; classtype:trojan-activity;sid:83698815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835714)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.216.70.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835714/; classtype:trojan-activity;sid:83698814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835711)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2811%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"60.18.118.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835711/; classtype:trojan-activity;sid:83698811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835712)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2818%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"60.18.118.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835712/; classtype:trojan-activity;sid:83698812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835713)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2820%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"60.18.118.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835713/; classtype:trojan-activity;sid:83698813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835710)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2814%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"60.18.118.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835710/; classtype:trojan-activity;sid:83698810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835709)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2818%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"113.228.145.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835709/; classtype:trojan-activity;sid:83698809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835708)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2818%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"113.228.144.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835708/; classtype:trojan-activity;sid:83698808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835707)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2819%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"60.18.118.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835707/; classtype:trojan-activity;sid:83698807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835706)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2813%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"42.57.217.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835706/; classtype:trojan-activity;sid:83698806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835704)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2814%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"113.228.147.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835704/; classtype:trojan-activity;sid:83698804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835705)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2820%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"113.228.147.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835705/; classtype:trojan-activity;sid:83698805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835703)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.216.70.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835703/; classtype:trojan-activity;sid:83698803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835702)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2818%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"113.228.144.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835702/; classtype:trojan-activity;sid:83698802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835701)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2816%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"113.228.147.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835701/; classtype:trojan-activity;sid:83698801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835699)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2816%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"113.228.144.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835699/; classtype:trojan-activity;sid:83698799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835700)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2820%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"42.57.217.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835700/; classtype:trojan-activity;sid:83698800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835698)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2818%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"42.57.27.175"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835698/; classtype:trojan-activity;sid:83698798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835697)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2817%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"113.228.144.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835697/; classtype:trojan-activity;sid:83698797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835696)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2814%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"113.228.147.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835696/; classtype:trojan-activity;sid:83698796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835695)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2819%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"42.57.218.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835695/; classtype:trojan-activity;sid:83698795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835694)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.216.70.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835694/; classtype:trojan-activity;sid:83698794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835693)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.54.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835693/; classtype:trojan-activity;sid:83698793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835692)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.216.70.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835692/; classtype:trojan-activity;sid:83698792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835686)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2815%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"42.57.218.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835686/; classtype:trojan-activity;sid:83698786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835687)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2812%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"42.57.218.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835687/; classtype:trojan-activity;sid:83698787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835688)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%288%29.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"42.57.218.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835688/; classtype:trojan-activity;sid:83698788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835689)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2818%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"42.57.218.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835689/; classtype:trojan-activity;sid:83698789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835690)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2816%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"42.57.218.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835690/; classtype:trojan-activity;sid:83698790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835691)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%289%29.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"42.57.218.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835691/; classtype:trojan-activity;sid:83698791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835685)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2812%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"113.228.144.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835685/; classtype:trojan-activity;sid:83698785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835684)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%289%29.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"42.57.27.175"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835684/; classtype:trojan-activity;sid:83698784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835683)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2819%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"113.228.145.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835683/; classtype:trojan-activity;sid:83698783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835682)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.216.70.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835682/; classtype:trojan-activity;sid:83698782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835681)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.216.70.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835681/; classtype:trojan-activity;sid:83698781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835680)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2817%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"42.57.27.175"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835680/; classtype:trojan-activity;sid:83698780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835679)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.216.70.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835679/; classtype:trojan-activity;sid:83698779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835678)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2815%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"113.228.147.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835678/; classtype:trojan-activity;sid:83698778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835677)"; flow:established,from_client; content:"GET"; http_method; content:"/daemon_v2.3301.apk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"42.57.218.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835677/; classtype:trojan-activity;sid:83698777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835676)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.216.70.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835676/; classtype:trojan-activity;sid:83698776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835675)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.116.155.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835675/; classtype:trojan-activity;sid:83698775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835674)"; flow:established,from_client; content:"GET"; http_method; content:"/daemon_v2.3301.apk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"113.228.144.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835674/; classtype:trojan-activity;sid:83698774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835673)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2812%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"113.228.147.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835673/; classtype:trojan-activity;sid:83698773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835672)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%288%29.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"60.18.118.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835672/; classtype:trojan-activity;sid:83698772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835671)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2812%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"60.18.118.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835671/; classtype:trojan-activity;sid:83698771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835670)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2813%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"42.57.218.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835670/; classtype:trojan-activity;sid:83698770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835669)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2814%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"113.228.145.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835669/; classtype:trojan-activity;sid:83698769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835668)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2814%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"42.57.218.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835668/; classtype:trojan-activity;sid:83698768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835667)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2816%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"113.228.145.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835667/; classtype:trojan-activity;sid:83698767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835666)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2815%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"113.228.145.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835666/; classtype:trojan-activity;sid:83698766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835665)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.216.70.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835665/; classtype:trojan-activity;sid:83698765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835664)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2820%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"42.57.218.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835664/; classtype:trojan-activity;sid:83698764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835663)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2813%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"113.228.144.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835663/; classtype:trojan-activity;sid:83698763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835662)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.216.70.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835662/; classtype:trojan-activity;sid:83698762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835661)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2820%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"113.228.147.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835661/; classtype:trojan-activity;sid:83698761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835660)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2816%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"42.57.217.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835660/; classtype:trojan-activity;sid:83698760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835659)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2811%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"42.57.217.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835659/; classtype:trojan-activity;sid:83698759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835658)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2817%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"42.57.218.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835658/; classtype:trojan-activity;sid:83698758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835657)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2814%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"42.57.217.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835657/; classtype:trojan-activity;sid:83698757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835656)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2817%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"42.57.217.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835656/; classtype:trojan-activity;sid:83698756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835655)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2813%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"42.57.27.175"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835655/; classtype:trojan-activity;sid:83698755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835654)"; flow:established,from_client; content:"GET"; http_method; content:"/daemon_v2.3301.apk"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"113.228.145.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835654/; classtype:trojan-activity;sid:83698754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835653)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2819%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"113.228.144.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835653/; classtype:trojan-activity;sid:83698753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835652)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2814%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"113.228.144.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835652/; classtype:trojan-activity;sid:83698752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835651)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2816%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"113.228.144.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835651/; classtype:trojan-activity;sid:83698751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835650)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2811%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"113.228.144.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835650/; classtype:trojan-activity;sid:83698750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835649)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2815%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"60.18.118.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835649/; classtype:trojan-activity;sid:83698749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835648)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2819%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"113.228.147.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835648/; classtype:trojan-activity;sid:83698748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835647)"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.216.70.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835647/; classtype:trojan-activity;sid:83698747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835645)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2819%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"113.228.147.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835645/; classtype:trojan-activity;sid:83698745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835646)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2817%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"60.18.118.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835646/; classtype:trojan-activity;sid:83698746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835644)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2811%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"42.57.218.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835644/; classtype:trojan-activity;sid:83698744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835643)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%289%29.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"60.18.118.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835643/; classtype:trojan-activity;sid:83698743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835642)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.216.70.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835642/; classtype:trojan-activity;sid:83698742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835641)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%288%29.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"113.228.144.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835641/; classtype:trojan-activity;sid:83698741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835640)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%289%29.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"113.228.144.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835640/; classtype:trojan-activity;sid:83698740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835639)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2814%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"42.57.27.175"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835639/; classtype:trojan-activity;sid:83698739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835638)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%289%29.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"113.228.145.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835638/; classtype:trojan-activity;sid:83698738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835637)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2820%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"113.228.144.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835637/; classtype:trojan-activity;sid:83698737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835636)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2813%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"113.228.147.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835636/; classtype:trojan-activity;sid:83698736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835635)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.231.217.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835635/; classtype:trojan-activity;sid:83698735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835633)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2816%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"60.18.118.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835633/; classtype:trojan-activity;sid:83698733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835634)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2820%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"113.228.144.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835634/; classtype:trojan-activity;sid:83698734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835632)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%288%29.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"113.228.147.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835632/; classtype:trojan-activity;sid:83698732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835631)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2812%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"113.228.144.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835631/; classtype:trojan-activity;sid:83698731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835630)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%288%29.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"42.57.27.175"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835630/; classtype:trojan-activity;sid:83698730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835628)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2815%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"42.57.27.175"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835628/; classtype:trojan-activity;sid:83698728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835629)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2815%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"113.228.144.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835629/; classtype:trojan-activity;sid:83698729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835627)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.216.70.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835627/; classtype:trojan-activity;sid:83698727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835626)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.232.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835626/; classtype:trojan-activity;sid:83698726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835624)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.92.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835624/; classtype:trojan-activity;sid:83698724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835625)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.113.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835625/; classtype:trojan-activity;sid:83698725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835623)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%284%29.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"60.18.118.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835623/; classtype:trojan-activity;sid:83698723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835622)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%286%29.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"113.228.144.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835622/; classtype:trojan-activity;sid:83698722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835621)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%285%29.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"42.57.218.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835621/; classtype:trojan-activity;sid:83698721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835618)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%284%29.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"42.57.217.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835618/; classtype:trojan-activity;sid:83698718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835619)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%284%29.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"113.228.144.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835619/; classtype:trojan-activity;sid:83698719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835620)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%287%29.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"42.57.218.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835620/; classtype:trojan-activity;sid:83698720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835617)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%287%29.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"113.228.147.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835617/; classtype:trojan-activity;sid:83698717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835615)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%286%29.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"42.57.218.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835615/; classtype:trojan-activity;sid:83698715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835616)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%284%29.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"113.228.147.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835616/; classtype:trojan-activity;sid:83698716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835614)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%286%29.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"113.228.147.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835614/; classtype:trojan-activity;sid:83698714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835613)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%285%29.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"113.228.147.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835613/; classtype:trojan-activity;sid:83698713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835612)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%287%29.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"113.228.145.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835612/; classtype:trojan-activity;sid:83698712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835611)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%284%29.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"113.228.147.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835611/; classtype:trojan-activity;sid:83698711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835610)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%287%29.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"42.57.217.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835610/; classtype:trojan-activity;sid:83698710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835607)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%285%29.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"113.228.145.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835607/; classtype:trojan-activity;sid:83698707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835608)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%286%29.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"113.228.144.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835608/; classtype:trojan-activity;sid:83698708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835609)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%288%29.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"113.228.147.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835609/; classtype:trojan-activity;sid:83698709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835600)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%287%29.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"113.228.144.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835600/; classtype:trojan-activity;sid:83698700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835601)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%286%29.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"42.57.217.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835601/; classtype:trojan-activity;sid:83698701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835602)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%285%29.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"42.57.217.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835602/; classtype:trojan-activity;sid:83698702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835603)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%286%29.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"42.57.27.175"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835603/; classtype:trojan-activity;sid:83698703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835604)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%287%29.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"60.18.118.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835604/; classtype:trojan-activity;sid:83698704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835605)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%286%29.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"113.228.145.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835605/; classtype:trojan-activity;sid:83698705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835606)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%285%29.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"113.228.144.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835606/; classtype:trojan-activity;sid:83698706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835598)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%285%29.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"42.57.27.175"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835598/; classtype:trojan-activity;sid:83698698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835599)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%285%29.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"113.228.144.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835599/; classtype:trojan-activity;sid:83698699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835596)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%284%29.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"42.57.218.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835596/; classtype:trojan-activity;sid:83698696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835597)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%284%29.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"113.228.144.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835597/; classtype:trojan-activity;sid:83698697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835593)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%284%29.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"113.228.145.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835593/; classtype:trojan-activity;sid:83698693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835594)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%286%29.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"60.18.118.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835594/; classtype:trojan-activity;sid:83698694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835595)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%286%29.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"113.228.147.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835595/; classtype:trojan-activity;sid:83698695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835592)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%283%29.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"42.57.27.175"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835592/; classtype:trojan-activity;sid:83698692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835591)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%287%29.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"113.228.144.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835591/; classtype:trojan-activity;sid:83698691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835590)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%287%29.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"42.57.27.175"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835590/; classtype:trojan-activity;sid:83698690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835589)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%283%29.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"113.228.147.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835589/; classtype:trojan-activity;sid:83698689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835588)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%285%29.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"113.228.147.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835588/; classtype:trojan-activity;sid:83698688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835586)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%284%29.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"42.57.27.175"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835586/; classtype:trojan-activity;sid:83698686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835587)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%285%29.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"60.18.118.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835587/; classtype:trojan-activity;sid:83698687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835585)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%287%29.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"113.228.147.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835585/; classtype:trojan-activity;sid:83698685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835584)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.134.175.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835584/; classtype:trojan-activity;sid:83698684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835583)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.63.114.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835583/; classtype:trojan-activity;sid:83698683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835582)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.172.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835582/; classtype:trojan-activity;sid:83698682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835581)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%281%29.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"42.57.218.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835581/; classtype:trojan-activity;sid:83698681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835577)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%282%29.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"42.57.218.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835577/; classtype:trojan-activity;sid:83698677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835578)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%282%29.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"113.228.145.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835578/; classtype:trojan-activity;sid:83698678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835579)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2810%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"42.57.217.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835579/; classtype:trojan-activity;sid:83698679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835580)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%281%29.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"60.18.118.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835580/; classtype:trojan-activity;sid:83698680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835576)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2810%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"113.228.145.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835576/; classtype:trojan-activity;sid:83698676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835573)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2810%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"60.18.118.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835573/; classtype:trojan-activity;sid:83698673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835574)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%283%29.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"113.228.144.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835574/; classtype:trojan-activity;sid:83698674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835575)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%283%29.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"113.228.144.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835575/; classtype:trojan-activity;sid:83698675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835572)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%282%29.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"60.18.118.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835572/; classtype:trojan-activity;sid:83698672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835569)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2810%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"113.228.144.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835569/; classtype:trojan-activity;sid:83698669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835570)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%283%29.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"42.57.218.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835570/; classtype:trojan-activity;sid:83698670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835571)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%281%29.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"113.228.147.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835571/; classtype:trojan-activity;sid:83698671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835565)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%283%29.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"113.228.147.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835565/; classtype:trojan-activity;sid:83698665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835566)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2810%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"113.228.144.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835566/; classtype:trojan-activity;sid:83698666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835567)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%282%29.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"113.228.144.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835567/; classtype:trojan-activity;sid:83698667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835568)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%281%29.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"113.228.144.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835568/; classtype:trojan-activity;sid:83698668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835562)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%283%29.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"113.228.145.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835562/; classtype:trojan-activity;sid:83698662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835563)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%282%29.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"113.228.147.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835563/; classtype:trojan-activity;sid:83698663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835564)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%282%29.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"42.57.27.175"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835564/; classtype:trojan-activity;sid:83698664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835560)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%281%29.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"113.228.147.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835560/; classtype:trojan-activity;sid:83698660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835561)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%283%29.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"42.57.217.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835561/; classtype:trojan-activity;sid:83698661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835559)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%281%29.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"42.57.27.175"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835559/; classtype:trojan-activity;sid:83698659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835556)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2810%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"42.57.218.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835556/; classtype:trojan-activity;sid:83698656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835557)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2810%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"113.228.147.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835557/; classtype:trojan-activity;sid:83698657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835558)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%282%29.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"113.228.147.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835558/; classtype:trojan-activity;sid:83698658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835555)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2810%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"42.57.27.175"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835555/; classtype:trojan-activity;sid:83698655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835553)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%281%29.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"42.57.217.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835553/; classtype:trojan-activity;sid:83698653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835554)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%281%29.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"113.228.145.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835554/; classtype:trojan-activity;sid:83698654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835552)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%282%29.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"113.228.144.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835552/; classtype:trojan-activity;sid:83698652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835551)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%283%29.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"60.18.118.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835551/; classtype:trojan-activity;sid:83698651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835549)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%281%29.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"113.228.144.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835549/; classtype:trojan-activity;sid:83698649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835550)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%282%29.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"42.57.217.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835550/; classtype:trojan-activity;sid:83698650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835548)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%84%9a%e6%9c%ac%20%2810%29.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"113.228.147.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835548/; classtype:trojan-activity;sid:83698648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835545)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.242.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835545/; classtype:trojan-activity;sid:83698645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835546)"; flow:established,from_client; content:"GET"; http_method; content:"/opp.scr"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"universalmovies.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835546/; classtype:trojan-activity;sid:83698646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835547)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.38.123.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835547/; classtype:trojan-activity;sid:83698647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835544)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.52.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835544/; classtype:trojan-activity;sid:83698644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835543)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.1.142"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835543/; classtype:trojan-activity;sid:83698643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835540)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.178.196.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835540/; classtype:trojan-activity;sid:83698640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835541)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.71.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835541/; classtype:trojan-activity;sid:83698641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835542)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.113.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835542/; classtype:trojan-activity;sid:83698642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835539)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.24.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835539/; classtype:trojan-activity;sid:83698639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835538)"; flow:established,from_client; content:"GET"; http_method; content:"/cost/lenin.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"193.233.132.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835538/; classtype:trojan-activity;sid:83698638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835537)"; flow:established,from_client; content:"GET"; http_method; content:"/cost/sok.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"193.233.132.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835537/; classtype:trojan-activity;sid:83698637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835536)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.166.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835536/; classtype:trojan-activity;sid:83698636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835535)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.95.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835535/; classtype:trojan-activity;sid:83698635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835534)"; flow:established,from_client; content:"GET"; http_method; content:"/wnnsafmwpwdxgy95.bin"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"www.duelvalenza.it"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835534/; classtype:trojan-activity;sid:83698634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835533)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.113.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835533/; classtype:trojan-activity;sid:83698633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835531)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.92.82.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835531/; classtype:trojan-activity;sid:83698631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835532)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.130.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835532/; classtype:trojan-activity;sid:83698632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835530)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.206.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835530/; classtype:trojan-activity;sid:83698630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835529)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.133.165.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835529/; classtype:trojan-activity;sid:83698629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835528)"; flow:established,from_client; content:"GET"; http_method; content:"/81.apk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.18.118.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835528/; classtype:trojan-activity;sid:83698628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835527)"; flow:established,from_client; content:"GET"; http_method; content:"/81.apk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.145.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835527/; classtype:trojan-activity;sid:83698627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835523)"; flow:established,from_client; content:"GET"; http_method; content:"/81.apk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.147.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835523/; classtype:trojan-activity;sid:83698623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835524)"; flow:established,from_client; content:"GET"; http_method; content:"/81.apk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.217.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835524/; classtype:trojan-activity;sid:83698624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835525)"; flow:established,from_client; content:"GET"; http_method; content:"/81.apk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.218.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835525/; classtype:trojan-activity;sid:83698625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835526)"; flow:established,from_client; content:"GET"; http_method; content:"/81.apk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.147.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835526/; classtype:trojan-activity;sid:83698626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835521)"; flow:established,from_client; content:"GET"; http_method; content:"/81.apk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.144.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835521/; classtype:trojan-activity;sid:83698621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835522)"; flow:established,from_client; content:"GET"; http_method; content:"/81.apk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.144.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835522/; classtype:trojan-activity;sid:83698622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835520)"; flow:established,from_client; content:"GET"; http_method; content:"/81.apk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.27.175"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835520/; classtype:trojan-activity;sid:83698620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835519)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.172.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835519/; classtype:trojan-activity;sid:83698619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835518)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.132.181.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835518/; classtype:trojan-activity;sid:83698618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835517)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.50.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835517/; classtype:trojan-activity;sid:83698617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835516)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.242.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835516/; classtype:trojan-activity;sid:83698616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835515)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.92.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835515/; classtype:trojan-activity;sid:83698615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835514)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/plykmde/zibbdbq101.bin"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"thequirkyartman.co.uk"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835514/; classtype:trojan-activity;sid:83698614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835512)"; flow:established,from_client; content:"GET"; http_method; content:"/gvv.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"23.94.54.101"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835512/; classtype:trojan-activity;sid:83698612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835513)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.5.138"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835513/; classtype:trojan-activity;sid:83698613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835511)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.190.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835511/; classtype:trojan-activity;sid:83698611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835510)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.38.123.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835510/; classtype:trojan-activity;sid:83698610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835509)"; flow:established,from_client; content:"GET"; http_method; content:"/down/202403311739_haijiashq.apk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"d2mlls8dsnofna.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835509/; classtype:trojan-activity;sid:83698609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835494)"; flow:established,from_client; content:"GET"; http_method; content:"/down/202403250811_haijiashq.apk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"d2mlls8dsnofna.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835494/; classtype:trojan-activity;sid:83698594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835495)"; flow:established,from_client; content:"GET"; http_method; content:"/down/202403301248_wwtt.apk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"d2mlls8dsnofna.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835495/; classtype:trojan-activity;sid:83698595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835496)"; flow:established,from_client; content:"GET"; http_method; content:"/down/202404080026_haijiashq.apk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"d2mlls8dsnofna.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835496/; classtype:trojan-activity;sid:83698596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835497)"; flow:established,from_client; content:"GET"; http_method; content:"/down/202404080935_haijiashq.apk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"d2mlls8dsnofna.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835497/; classtype:trojan-activity;sid:83698597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835498)"; flow:established,from_client; content:"GET"; http_method; content:"/down/202403180946_gd7u.apk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"d2mlls8dsnofna.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835498/; classtype:trojan-activity;sid:83698598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835499)"; flow:established,from_client; content:"GET"; http_method; content:"/down/202404011554_anwajnq.apk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"d2mlls8dsnofna.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835499/; classtype:trojan-activity;sid:83698599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835500)"; flow:established,from_client; content:"GET"; http_method; content:"/down/202403310503_gd7u.apk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"d2mlls8dsnofna.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835500/; classtype:trojan-activity;sid:83698600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835501)"; flow:established,from_client; content:"GET"; http_method; content:"/down/202404071211_gd7u.apk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"d2mlls8dsnofna.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835501/; classtype:trojan-activity;sid:83698601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835502)"; flow:established,from_client; content:"GET"; http_method; content:"/down/202404040111_haijiashq.apk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"d2mlls8dsnofna.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835502/; classtype:trojan-activity;sid:83698602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835503)"; flow:established,from_client; content:"GET"; http_method; content:"/down/202403241003_gd7u.apk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"d2mlls8dsnofna.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835503/; classtype:trojan-activity;sid:83698603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835504)"; flow:established,from_client; content:"GET"; http_method; content:"/down/202403250805_haijiashq.apk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"d2mlls8dsnofna.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835504/; classtype:trojan-activity;sid:83698604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835505)"; flow:established,from_client; content:"GET"; http_method; content:"/down/202403310129_gd7u.apk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"d2mlls8dsnofna.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835505/; classtype:trojan-activity;sid:83698605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835506)"; flow:established,from_client; content:"GET"; http_method; content:"/down/202404081420_anwajnq.apk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"d2mlls8dsnofna.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835506/; classtype:trojan-activity;sid:83698606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835507)"; flow:established,from_client; content:"GET"; http_method; content:"/down/202403190714_mbjd.apk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"d2mlls8dsnofna.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835507/; classtype:trojan-activity;sid:83698607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835508)"; flow:established,from_client; content:"GET"; http_method; content:"/down/202403190950_gd7u.apk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"d2mlls8dsnofna.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835508/; classtype:trojan-activity;sid:83698608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835476)"; flow:established,from_client; content:"GET"; http_method; content:"/down/202403252135_haijiashq.apk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"d2mlls8dsnofna.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835476/; classtype:trojan-activity;sid:83698576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835477)"; flow:established,from_client; content:"GET"; http_method; content:"/down/202404052347_gd7u.apk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"d2mlls8dsnofna.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835477/; classtype:trojan-activity;sid:83698577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835478)"; flow:established,from_client; content:"GET"; http_method; content:"/down/202404062144_gd7u.apk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"d2mlls8dsnofna.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835478/; classtype:trojan-activity;sid:83698578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835479)"; flow:established,from_client; content:"GET"; http_method; content:"/down/202403241336_gd7u.apk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"d2mlls8dsnofna.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835479/; classtype:trojan-activity;sid:83698579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835480)"; flow:established,from_client; content:"GET"; http_method; content:"/down/202404062037_gd7u.apk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"d2mlls8dsnofna.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835480/; classtype:trojan-activity;sid:83698580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835481)"; flow:established,from_client; content:"GET"; http_method; content:"/down/202403251712_anwajnq.apk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"d2mlls8dsnofna.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835481/; classtype:trojan-activity;sid:83698581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835482)"; flow:established,from_client; content:"GET"; http_method; content:"/down/202404062147_gd7u.apk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"d2mlls8dsnofna.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835482/; classtype:trojan-activity;sid:83698582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835483)"; flow:established,from_client; content:"GET"; http_method; content:"/down/202403190040_haijiashq.apk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"d2mlls8dsnofna.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835483/; classtype:trojan-activity;sid:83698583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835484)"; flow:established,from_client; content:"GET"; http_method; content:"/down/202403190902_gd7u.apk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"d2mlls8dsnofna.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835484/; classtype:trojan-activity;sid:83698584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835485)"; flow:established,from_client; content:"GET"; http_method; content:"/down/202404070957_gd7u.apk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"d2mlls8dsnofna.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835485/; classtype:trojan-activity;sid:83698585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835486)"; flow:established,from_client; content:"GET"; http_method; content:"/down/202403311704_haijiashq.apk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"d2mlls8dsnofna.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835486/; classtype:trojan-activity;sid:83698586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835487)"; flow:established,from_client; content:"GET"; http_method; content:"/down/202404062248_hjgclsh.apk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"d2mlls8dsnofna.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835487/; classtype:trojan-activity;sid:83698587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835488)"; flow:established,from_client; content:"GET"; http_method; content:"/down/202404010938_haijiashq.apk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"d2mlls8dsnofna.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835488/; classtype:trojan-activity;sid:83698588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835489)"; flow:established,from_client; content:"GET"; http_method; content:"/down/202403260543_haijiashq.apk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"d2mlls8dsnofna.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835489/; classtype:trojan-activity;sid:83698589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835490)"; flow:established,from_client; content:"GET"; http_method; content:"/down/202404031458_haijiashq.apk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"d2mlls8dsnofna.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835490/; classtype:trojan-activity;sid:83698590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835491)"; flow:established,from_client; content:"GET"; http_method; content:"/down/202403241223_haijiashq.apk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"d2mlls8dsnofna.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835491/; classtype:trojan-activity;sid:83698591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835492)"; flow:established,from_client; content:"GET"; http_method; content:"/down/202403240205_haijiashq.apk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"d2mlls8dsnofna.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835492/; classtype:trojan-activity;sid:83698592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835493)"; flow:established,from_client; content:"GET"; http_method; content:"/down/202404012213_haijiashq.apk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"d2mlls8dsnofna.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835493/; classtype:trojan-activity;sid:83698593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835445)"; flow:established,from_client; content:"GET"; http_method; content:"/down/202404080940_haijiashq.apk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"d2mlls8dsnofna.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835445/; classtype:trojan-activity;sid:83698545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835446)"; flow:established,from_client; content:"GET"; http_method; content:"/down/202403220747_haijiashq.apk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"d2mlls8dsnofna.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835446/; classtype:trojan-activity;sid:83698546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835447)"; flow:established,from_client; content:"GET"; http_method; content:"/down/202403222023_haijiashq.apk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"d2mlls8dsnofna.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835447/; classtype:trojan-activity;sid:83698547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835448)"; flow:established,from_client; content:"GET"; http_method; content:"/down/202403221349_gd7u.apk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"d2mlls8dsnofna.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835448/; classtype:trojan-activity;sid:83698548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835449)"; flow:established,from_client; content:"GET"; http_method; content:"/down/202403230623_haijiashq.apk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"d2mlls8dsnofna.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835449/; classtype:trojan-activity;sid:83698549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835450)"; flow:established,from_client; content:"GET"; http_method; content:"/down/202403310332_51pincha.apk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"d2mlls8dsnofna.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835450/; classtype:trojan-activity;sid:83698550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835451)"; flow:established,from_client; content:"GET"; http_method; content:"/down/202404051054_anwajnq.apk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"d2mlls8dsnofna.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835451/; classtype:trojan-activity;sid:83698551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835452)"; flow:established,from_client; content:"GET"; http_method; content:"/down/202403230926_gd7u.apk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"d2mlls8dsnofna.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835452/; classtype:trojan-activity;sid:83698552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835453)"; flow:established,from_client; content:"GET"; http_method; content:"/down/202403212157_haijiashq.apk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"d2mlls8dsnofna.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835453/; classtype:trojan-activity;sid:83698553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835454)"; flow:established,from_client; content:"GET"; http_method; content:"/down/202404081417_anwajnq.apk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"d2mlls8dsnofna.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835454/; classtype:trojan-activity;sid:83698554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835455)"; flow:established,from_client; content:"GET"; http_method; content:"/down/202404070641_anwajnq.apk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"d2mlls8dsnofna.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835455/; classtype:trojan-activity;sid:83698555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835456)"; flow:established,from_client; content:"GET"; http_method; content:"/down/202403310504_anwajnq.apk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"d2mlls8dsnofna.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835456/; classtype:trojan-activity;sid:83698556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835457)"; flow:established,from_client; content:"GET"; http_method; content:"/down/202403230911_anwajnq.apk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"d2mlls8dsnofna.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835457/; classtype:trojan-activity;sid:83698557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835458)"; flow:established,from_client; content:"GET"; http_method; content:"/down/202403270440_haijiashq.apk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"d2mlls8dsnofna.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835458/; classtype:trojan-activity;sid:83698558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835459)"; flow:established,from_client; content:"GET"; http_method; content:"/down/202403241959_haijiashq.apk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"d2mlls8dsnofna.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835459/; classtype:trojan-activity;sid:83698559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835460)"; flow:established,from_client; content:"GET"; http_method; content:"/down/202404050356_haijiashq.apk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"d2mlls8dsnofna.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835460/; classtype:trojan-activity;sid:83698560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835461)"; flow:established,from_client; content:"GET"; http_method; content:"/down/202404030102_gd7u.apk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"d2mlls8dsnofna.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835461/; classtype:trojan-activity;sid:83698561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835462)"; flow:established,from_client; content:"GET"; http_method; content:"/down/202403190209_haijiashq.apk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"d2mlls8dsnofna.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835462/; classtype:trojan-activity;sid:83698562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835463)"; flow:established,from_client; content:"GET"; http_method; content:"/down/202403222004_wwtt.apk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"d2mlls8dsnofna.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835463/; classtype:trojan-activity;sid:83698563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835464)"; flow:established,from_client; content:"GET"; http_method; content:"/down/202404030306_gd7u.apk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"d2mlls8dsnofna.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835464/; classtype:trojan-activity;sid:83698564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835465)"; flow:established,from_client; content:"GET"; http_method; content:"/down/202403290703_haijiashq.apk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"d2mlls8dsnofna.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835465/; classtype:trojan-activity;sid:83698565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835466)"; flow:established,from_client; content:"GET"; http_method; content:"/down/202403180943_gd7u.apk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"d2mlls8dsnofna.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835466/; classtype:trojan-activity;sid:83698566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835467)"; flow:established,from_client; content:"GET"; http_method; content:"/down/202403251956_gd7u.apk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"d2mlls8dsnofna.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835467/; classtype:trojan-activity;sid:83698567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835468)"; flow:established,from_client; content:"GET"; http_method; content:"/down/202403181410_gd7u.apk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"d2mlls8dsnofna.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835468/; classtype:trojan-activity;sid:83698568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835469)"; flow:established,from_client; content:"GET"; http_method; content:"/down/202404070953_gd7u.apk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"d2mlls8dsnofna.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835469/; classtype:trojan-activity;sid:83698569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835470)"; flow:established,from_client; content:"GET"; http_method; content:"/down/202404050326_haijiashq.apk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"d2mlls8dsnofna.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835470/; classtype:trojan-activity;sid:83698570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835471)"; flow:established,from_client; content:"GET"; http_method; content:"/down/202403191443_gd7u.apk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"d2mlls8dsnofna.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835471/; classtype:trojan-activity;sid:83698571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835472)"; flow:established,from_client; content:"GET"; http_method; content:"/down/202403210234_haijiashq.apk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"d2mlls8dsnofna.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835472/; classtype:trojan-activity;sid:83698572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835473)"; flow:established,from_client; content:"GET"; http_method; content:"/down/202403240135_haijiashq.apk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"d2mlls8dsnofna.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835473/; classtype:trojan-activity;sid:83698573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835474)"; flow:established,from_client; content:"GET"; http_method; content:"/down/202404072343_haijiashq.apk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"d2mlls8dsnofna.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835474/; classtype:trojan-activity;sid:83698574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835475)"; flow:established,from_client; content:"GET"; http_method; content:"/down/202404081042_haijiashq.apk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"d2mlls8dsnofna.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835475/; classtype:trojan-activity;sid:83698575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835441)"; flow:established,from_client; content:"GET"; http_method; content:"/down/202403220917_gd7u.apk"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"d2mlls8dsnofna.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835441/; classtype:trojan-activity;sid:83698541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835442)"; flow:established,from_client; content:"GET"; http_method; content:"/down/202404070645_anwajnq.apk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"d2mlls8dsnofna.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835442/; classtype:trojan-activity;sid:83698542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835443)"; flow:established,from_client; content:"GET"; http_method; content:"/down/202403300153_haijiashq.apk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"d2mlls8dsnofna.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835443/; classtype:trojan-activity;sid:83698543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835444)"; flow:established,from_client; content:"GET"; http_method; content:"/down/202403310409_haijiashq.apk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"d2mlls8dsnofna.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835444/; classtype:trojan-activity;sid:83698544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835440)"; flow:established,from_client; content:"GET"; http_method; content:"/1.apk"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"flm2.vip"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835440/; classtype:trojan-activity;sid:83698540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835439)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.221.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835439/; classtype:trojan-activity;sid:83698539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835438)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.196.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835438/; classtype:trojan-activity;sid:83698538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835437)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.204.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835437/; classtype:trojan-activity;sid:83698537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835436)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.216.34.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835436/; classtype:trojan-activity;sid:83698536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835433)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.77.208.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835433/; classtype:trojan-activity;sid:83698533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835434)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"103.77.208.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835434/; classtype:trojan-activity;sid:83698534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835435)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.77.208.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835435/; classtype:trojan-activity;sid:83698535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835429)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.77.208.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835429/; classtype:trojan-activity;sid:83698529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835430)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.77.208.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835430/; classtype:trojan-activity;sid:83698530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835431)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.77.208.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835431/; classtype:trojan-activity;sid:83698531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835432)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.77.208.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835432/; classtype:trojan-activity;sid:83698532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835427)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/ryancv/demo/01/rtx.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"zolfaghar.info"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835427/; classtype:trojan-activity;sid:83698527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835428)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.77.208.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835428/; classtype:trojan-activity;sid:83698528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835424)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.132.181.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835424/; classtype:trojan-activity;sid:83698524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835425)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.77.208.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835425/; classtype:trojan-activity;sid:83698525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835426)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.228.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835426/; classtype:trojan-activity;sid:83698526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835419)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.237.2.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835419/; classtype:trojan-activity;sid:83698519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835420)"; flow:established,from_client; content:"GET"; http_method; content:"/cost/go.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"193.233.132.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835420/; classtype:trojan-activity;sid:83698520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835421)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.2.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835421/; classtype:trojan-activity;sid:83698521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835422)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.77.208.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835422/; classtype:trojan-activity;sid:83698522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835423)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.170.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835423/; classtype:trojan-activity;sid:83698523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835415)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.77.208.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835415/; classtype:trojan-activity;sid:83698515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835416)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.203.125.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835416/; classtype:trojan-activity;sid:83698516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835417)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.45.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835417/; classtype:trojan-activity;sid:83698517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835418)"; flow:established,from_client; content:"GET"; http_method; content:"/iiawkakwdkaow"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.77.208.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835418/; classtype:trojan-activity;sid:83698518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835405)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.180.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835405/; classtype:trojan-activity;sid:83698505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835406)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.24.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835406/; classtype:trojan-activity;sid:83698506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835407)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.75.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835407/; classtype:trojan-activity;sid:83698507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835408)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.50.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835408/; classtype:trojan-activity;sid:83698508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835409)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.61.110.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835409/; classtype:trojan-activity;sid:83698509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835410)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.131.154.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835410/; classtype:trojan-activity;sid:83698510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835411)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.61.110.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835411/; classtype:trojan-activity;sid:83698511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835412)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.180.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835412/; classtype:trojan-activity;sid:83698512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835413)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.88.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835413/; classtype:trojan-activity;sid:83698513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835414)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.104.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835414/; classtype:trojan-activity;sid:83698514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835402)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.154.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835402/; classtype:trojan-activity;sid:83698502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835403)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.130.186.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835403/; classtype:trojan-activity;sid:83698503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835404)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.178.196.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835404/; classtype:trojan-activity;sid:83698504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835399)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.85.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835399/; classtype:trojan-activity;sid:83698499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835400)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.177.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835400/; classtype:trojan-activity;sid:83698500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835401)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.11.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835401/; classtype:trojan-activity;sid:83698501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835397)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.80.254"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835397/; classtype:trojan-activity;sid:83698497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835398)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.156.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835398/; classtype:trojan-activity;sid:83698498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835395)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.156.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835395/; classtype:trojan-activity;sid:83698495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835396)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.77.208.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835396/; classtype:trojan-activity;sid:83698496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835394)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.20.192.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835394/; classtype:trojan-activity;sid:83698494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835393)"; flow:established,from_client; content:"GET"; http_method; content:"///down/gd7u/gd7u_2.7.0_240413_8.apk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"d26r44l4vrn00m.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835393/; classtype:trojan-activity;sid:83698493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835392)"; flow:established,from_client; content:"GET"; http_method; content:"///down/awjq/awjq_1.4.0_240419_3.apk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"d26r44l4vrn00m.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835392/; classtype:trojan-activity;sid:83698492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835391)"; flow:established,from_client; content:"GET"; http_method; content:"///down/awjq/awjq_1.4.0_240418_3.apk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"d26r44l4vrn00m.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835391/; classtype:trojan-activity;sid:83698491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835390)"; flow:established,from_client; content:"GET"; http_method; content:"///down/51lieqi/51lieqi_1.5.0_240413_2.apk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"d26r44l4vrn00m.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835390/; classtype:trojan-activity;sid:83698490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835389)"; flow:established,from_client; content:"GET"; http_method; content:"///down/hjgj/hjgj_1.1.0_240418_1.apk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"d26r44l4vrn00m.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835389/; classtype:trojan-activity;sid:83698489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835388)"; flow:established,from_client; content:"GET"; http_method; content:"///down/gd7u/gd7u_2.7.0_240417_5.apk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"d26r44l4vrn00m.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835388/; classtype:trojan-activity;sid:83698488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835387)"; flow:established,from_client; content:"GET"; http_method; content:"///down/51lieqi/51lieqi_1.5.0_240418_1.apk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"d26r44l4vrn00m.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835387/; classtype:trojan-activity;sid:83698487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835386)"; flow:established,from_client; content:"GET"; http_method; content:"//down/cgw/cgw_0326100.apk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"d26r44l4vrn00m.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835386/; classtype:trojan-activity;sid:83698486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835385)"; flow:established,from_client; content:"GET"; http_method; content:"///down/mbjd/mbjd_1.1.0_240417_5.apk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"d26r44l4vrn00m.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835385/; classtype:trojan-activity;sid:83698485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835384)"; flow:established,from_client; content:"GET"; http_method; content:"///down/awjq/awjq_1.4.0_240415_2.apk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"d26r44l4vrn00m.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835384/; classtype:trojan-activity;sid:83698484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835383)"; flow:established,from_client; content:"GET"; http_method; content:"///down/hjsq/hjsq_1.8.0_240413_3.apk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"d26r44l4vrn00m.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835383/; classtype:trojan-activity;sid:83698483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835382)"; flow:established,from_client; content:"GET"; http_method; content:"///down/51lieqi/51lieqi_1.5.0_240417_4.apk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"d26r44l4vrn00m.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835382/; classtype:trojan-activity;sid:83698482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835381)"; flow:established,from_client; content:"GET"; http_method; content:"///down/hjsq/hjsq_1.8.0_240421_2.apk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"d26r44l4vrn00m.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835381/; classtype:trojan-activity;sid:83698481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835380)"; flow:established,from_client; content:"GET"; http_method; content:"///down/awjq/awjq_1.4.0_240418_5.apk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"d26r44l4vrn00m.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835380/; classtype:trojan-activity;sid:83698480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835379)"; flow:established,from_client; content:"GET"; http_method; content:"///down/hjsq/hjsq_1.8.0_240419_3.apk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"d26r44l4vrn00m.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835379/; classtype:trojan-activity;sid:83698479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835378)"; flow:established,from_client; content:"GET"; http_method; content:"///down/hjgj/hjgj_1.1.0_240414_3.apk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"d26r44l4vrn00m.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835378/; classtype:trojan-activity;sid:83698478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835377)"; flow:established,from_client; content:"GET"; http_method; content:"///down/gd7u/gd7u_2.7.0_240419_5.apk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"d26r44l4vrn00m.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835377/; classtype:trojan-activity;sid:83698477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835376)"; flow:established,from_client; content:"GET"; http_method; content:"///down/hjsq/hjsq_1.8.0_240416_5.apk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"d26r44l4vrn00m.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835376/; classtype:trojan-activity;sid:83698476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835375)"; flow:established,from_client; content:"GET"; http_method; content:"///down/hjsq/hjsq_1.8.0_240415_3.apk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"d26r44l4vrn00m.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835375/; classtype:trojan-activity;sid:83698475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835374)"; flow:established,from_client; content:"GET"; http_method; content:"///down/hjsq/hjsq_1.8.0_240412_3.apk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"d26r44l4vrn00m.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835374/; classtype:trojan-activity;sid:83698474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835373)"; flow:established,from_client; content:"GET"; http_method; content:"//down/91pf/91pf_121_03161720.apk"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"d26r44l4vrn00m.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835373/; classtype:trojan-activity;sid:83698473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835372)"; flow:established,from_client; content:"GET"; http_method; content:"///down/awjq/awjq_1.4.0_240420_2.apk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"d26r44l4vrn00m.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835372/; classtype:trojan-activity;sid:83698472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835371)"; flow:established,from_client; content:"GET"; http_method; content:"//down/awjq/awjq_1.4.0_240410_5.apk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"d26r44l4vrn00m.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835371/; classtype:trojan-activity;sid:83698471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835370)"; flow:established,from_client; content:"GET"; http_method; content:"///down/hjsq/hjsq_1.8.0_240415_6.apk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"d26r44l4vrn00m.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835370/; classtype:trojan-activity;sid:83698470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835368)"; flow:established,from_client; content:"GET"; http_method; content:"//down/awloly/awloly_2.0.4_240420_1.apk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"d26r44l4vrn00m.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835368/; classtype:trojan-activity;sid:83698468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835369)"; flow:established,from_client; content:"GET"; http_method; content:"///down/hjgj/hjgj_1.1.0_240414_2.apk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"d26r44l4vrn00m.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835369/; classtype:trojan-activity;sid:83698469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835367)"; flow:established,from_client; content:"GET"; http_method; content:"///down/hjsq/hjsq_1.8.0_240418_4.apk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"d26r44l4vrn00m.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835367/; classtype:trojan-activity;sid:83698467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835366)"; flow:established,from_client; content:"GET"; http_method; content:"///down/hjsq/hjsq_1.8.0_240415_1.apk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"d26r44l4vrn00m.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835366/; classtype:trojan-activity;sid:83698466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835365)"; flow:established,from_client; content:"GET"; http_method; content:"///down/hjsq/hjsq_1.8.0_240417_2.apk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"d26r44l4vrn00m.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835365/; classtype:trojan-activity;sid:83698465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835364)"; flow:established,from_client; content:"GET"; http_method; content:"///down/awjq/awjq_1.4.0_240422_1.apk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"d26r44l4vrn00m.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835364/; classtype:trojan-activity;sid:83698464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835363)"; flow:established,from_client; content:"GET"; http_method; content:"//antss/antandroid-v2.6.5-240104.apk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"d26r44l4vrn00m.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835363/; classtype:trojan-activity;sid:83698463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835362)"; flow:established,from_client; content:"GET"; http_method; content:"///down/hjsq/hjsq_1.8.0_240416_2.apk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"d26r44l4vrn00m.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835362/; classtype:trojan-activity;sid:83698462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835360)"; flow:established,from_client; content:"GET"; http_method; content:"///down/awjq/awjq_1.4.0_240421_3.apk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"d26r44l4vrn00m.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835360/; classtype:trojan-activity;sid:83698460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835361)"; flow:established,from_client; content:"GET"; http_method; content:"///down/gdpj/gdpj_3.9.0_240411_3.apk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"d26r44l4vrn00m.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835361/; classtype:trojan-activity;sid:83698461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835359)"; flow:established,from_client; content:"GET"; http_method; content:"///down/hjgj/hjgj_1.1.0_240421_1.apk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"d26r44l4vrn00m.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835359/; classtype:trojan-activity;sid:83698459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835358)"; flow:established,from_client; content:"GET"; http_method; content:"//down/aiss/aiss_0222_v1.5.0.apk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"d26r44l4vrn00m.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835358/; classtype:trojan-activity;sid:83698458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835357)"; flow:established,from_client; content:"GET"; http_method; content:"///down/hjsq/hjsq_1.8.0_240418_2.apk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"d26r44l4vrn00m.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835357/; classtype:trojan-activity;sid:83698457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835356)"; flow:established,from_client; content:"GET"; http_method; content:"//down/51sq/v_1.1.5b_2001.apk"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"d26r44l4vrn00m.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835356/; classtype:trojan-activity;sid:83698456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835355)"; flow:established,from_client; content:"GET"; http_method; content:"///down/51kt/51kt_3.4.3_240420_2.apk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"d26r44l4vrn00m.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835355/; classtype:trojan-activity;sid:83698455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835354)"; flow:established,from_client; content:"GET"; http_method; content:"/down/hjsq/hjsq_1.8.0_240501_4.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"d2kdqj6gjm17ok.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835354/; classtype:trojan-activity;sid:83698454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835353)"; flow:established,from_client; content:"GET"; http_method; content:"/down/hjsq/hjsq_1.8.0_240408_1.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"db4djqkh4h9v0.cloudfront.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835353/; classtype:trojan-activity;sid:83698453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835352)"; flow:established,from_client; content:"GET"; http_method; content:"/down/awloly/awloly_2.0.4_240407_6.apk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"db4djqkh4h9v0.cloudfront.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835352/; classtype:trojan-activity;sid:83698452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835351)"; flow:established,from_client; content:"GET"; http_method; content:"/down/hjsq/hjsq_1.8.0_240422_6.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"d36e0jkwnyz61b.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835351/; classtype:trojan-activity;sid:83698451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835350)"; flow:established,from_client; content:"GET"; http_method; content:"/down/awjq/awjq_1.4.0_240502_2.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"d2kdqj6gjm17ok.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835350/; classtype:trojan-activity;sid:83698450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835349)"; flow:established,from_client; content:"GET"; http_method; content:"/down/gdpj/gdpj_3.9.0_240406_2.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"db4djqkh4h9v0.cloudfront.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835349/; classtype:trojan-activity;sid:83698449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835348)"; flow:established,from_client; content:"GET"; http_method; content:"/down/91dy/91dy_1.0.1_240502_1.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"d2kdqj6gjm17ok.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835348/; classtype:trojan-activity;sid:83698448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835347)"; flow:established,from_client; content:"GET"; http_method; content:"/down/hjgj/hjgj_1.1.0_240430_1.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"d2kdqj6gjm17ok.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835347/; classtype:trojan-activity;sid:83698447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835346)"; flow:established,from_client; content:"GET"; http_method; content:"/down/didi2/didi2_2.2.0_240402_3.apk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"db4djqkh4h9v0.cloudfront.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835346/; classtype:trojan-activity;sid:83698446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835345)"; flow:established,from_client; content:"GET"; http_method; content:"///down/xlp/xlp_4.6.3_240414_1.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"d26r44l4vrn00m.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835345/; classtype:trojan-activity;sid:83698445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835344)"; flow:established,from_client; content:"GET"; http_method; content:"/down/awjq/awjq_1.4.0_240501_2.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"d2kdqj6gjm17ok.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835344/; classtype:trojan-activity;sid:83698444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835343)"; flow:established,from_client; content:"GET"; http_method; content:"/down/cgw/cgw_0326100.apk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"d2kdqj6gjm17ok.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835343/; classtype:trojan-activity;sid:83698443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835342)"; flow:established,from_client; content:"GET"; http_method; content:"///down/51kt/51kt_3.4.3_240420_1.apk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"d26r44l4vrn00m.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835342/; classtype:trojan-activity;sid:83698442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835341)"; flow:established,from_client; content:"GET"; http_method; content:"/down/mbjd/mbjd_1.1.0_240501_5.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"d2kdqj6gjm17ok.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835341/; classtype:trojan-activity;sid:83698441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835340)"; flow:established,from_client; content:"GET"; http_method; content:"/down/51kt/51kt_3.4.3_240429_1.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"d2kdqj6gjm17ok.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835340/; classtype:trojan-activity;sid:83698440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835339)"; flow:established,from_client; content:"GET"; http_method; content:"/down/awjq/awjq_1.4.0_240409_3.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"db4djqkh4h9v0.cloudfront.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835339/; classtype:trojan-activity;sid:83698439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835338)"; flow:established,from_client; content:"GET"; http_method; content:"/down/hjgj/hjgj_1.1.0_240425_3.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"d36e0jkwnyz61b.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835338/; classtype:trojan-activity;sid:83698438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835337)"; flow:established,from_client; content:"GET"; http_method; content:"/down/hjsq/hjsq_1.8.0_240428_4.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"d36e0jkwnyz61b.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835337/; classtype:trojan-activity;sid:83698437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835336)"; flow:established,from_client; content:"GET"; http_method; content:"/down/51sq/v_1.1.5b_2001.apk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"d36e0jkwnyz61b.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835336/; classtype:trojan-activity;sid:83698436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835335)"; flow:established,from_client; content:"GET"; http_method; content:"///down/gd7u/gd7u_2.7.0_240414_1.apk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"d26r44l4vrn00m.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835335/; classtype:trojan-activity;sid:83698435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835334)"; flow:established,from_client; content:"GET"; http_method; content:"//down/tiktok/tiktok_2.3.0_240411_3.apk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"d26r44l4vrn00m.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835334/; classtype:trojan-activity;sid:83698434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835333)"; flow:established,from_client; content:"GET"; http_method; content:"/down/awjq/awjq_1.4.0_240427_6.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"d36e0jkwnyz61b.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835333/; classtype:trojan-activity;sid:83698433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835332)"; flow:established,from_client; content:"GET"; http_method; content:"/down/awjq/awjq_1.4.0_240410_1.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"db4djqkh4h9v0.cloudfront.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835332/; classtype:trojan-activity;sid:83698432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835331)"; flow:established,from_client; content:"GET"; http_method; content:"/down/zpcpj/zpcpj_1.7.0_240501_6.apk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"d2kdqj6gjm17ok.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835331/; classtype:trojan-activity;sid:83698431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835330)"; flow:established,from_client; content:"GET"; http_method; content:"/down/tiktok/tiktok_2.4.1_240428_2.apk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"d36e0jkwnyz61b.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835330/; classtype:trojan-activity;sid:83698430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835329)"; flow:established,from_client; content:"GET"; http_method; content:"/down/hls/hls_1.0.1_240501_6.apk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"d2kdqj6gjm17ok.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835329/; classtype:trojan-activity;sid:83698429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835328)"; flow:established,from_client; content:"GET"; http_method; content:"/down/gd7u/gd7u_2.7.0_240501_2.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"d2kdqj6gjm17ok.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835328/; classtype:trojan-activity;sid:83698428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835327)"; flow:established,from_client; content:"GET"; http_method; content:"/down/hjsq/hjsq_1.8.0_240424_4.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"d36e0jkwnyz61b.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835327/; classtype:trojan-activity;sid:83698427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835326)"; flow:established,from_client; content:"GET"; http_method; content:"/down/hjgj/hjgj_1.1.0_240428_1.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"d36e0jkwnyz61b.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835326/; classtype:trojan-activity;sid:83698426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835325)"; flow:established,from_client; content:"GET"; http_method; content:"/down/51lieqi/51lieqi_1.5.0_240422_1.apk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"d36e0jkwnyz61b.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835325/; classtype:trojan-activity;sid:83698425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835324)"; flow:established,from_client; content:"GET"; http_method; content:"/down/gdpj/gdpj_3.9.0_240408_5.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"db4djqkh4h9v0.cloudfront.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835324/; classtype:trojan-activity;sid:83698424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835323)"; flow:established,from_client; content:"GET"; http_method; content:"/down/wwtt/wwtt_04081359_v1.0.0.apk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"db4djqkh4h9v0.cloudfront.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835323/; classtype:trojan-activity;sid:83698423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835322)"; flow:established,from_client; content:"GET"; http_method; content:"/down/xlp/xlp_4.6.3_240409_1.apk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"db4djqkh4h9v0.cloudfront.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835322/; classtype:trojan-activity;sid:83698422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835321)"; flow:established,from_client; content:"GET"; http_method; content:"/down/51lieqi/51lieqi_1.5.0_240430_4.apk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"d2kdqj6gjm17ok.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835321/; classtype:trojan-activity;sid:83698421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835320)"; flow:established,from_client; content:"GET"; http_method; content:"/down/awloly/awloly_2.0.4_240427_2.apk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"d36e0jkwnyz61b.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835320/; classtype:trojan-activity;sid:83698420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835319)"; flow:established,from_client; content:"GET"; http_method; content:"/down/51sq/v_1.1.5b_2001.apk"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"d2kdqj6gjm17ok.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835319/; classtype:trojan-activity;sid:83698419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835318)"; flow:established,from_client; content:"GET"; http_method; content:"/down/awjq/awjq_1.4.0_240501_1.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"d2kdqj6gjm17ok.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835318/; classtype:trojan-activity;sid:83698418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835317)"; flow:established,from_client; content:"GET"; http_method; content:"/down/awjq/awjq_1.4.0_240424_4.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"d36e0jkwnyz61b.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835317/; classtype:trojan-activity;sid:83698417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835316)"; flow:established,from_client; content:"GET"; http_method; content:"/down/awloly/awloly_2.0.4_240404_5.apk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"db4djqkh4h9v0.cloudfront.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835316/; classtype:trojan-activity;sid:83698416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835314)"; flow:established,from_client; content:"GET"; http_method; content:"/down/91dy/91dy_1.0.1_240430_5.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"d2kdqj6gjm17ok.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835314/; classtype:trojan-activity;sid:83698414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835315)"; flow:established,from_client; content:"GET"; http_method; content:"/down/51lieqi/51lieqi_1.5.0_240329_5.apk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"db4djqkh4h9v0.cloudfront.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835315/; classtype:trojan-activity;sid:83698415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835312)"; flow:established,from_client; content:"GET"; http_method; content:"/down/gtv/gtv_2.0.2_231114_1.apk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"d2kdqj6gjm17ok.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835312/; classtype:trojan-activity;sid:83698412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835313)"; flow:established,from_client; content:"GET"; http_method; content:"/down/51lieqi/51lieqi_1.5.0_240501_2.apk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"d2kdqj6gjm17ok.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835313/; classtype:trojan-activity;sid:83698413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835310)"; flow:established,from_client; content:"GET"; http_method; content:"/down/hjsq/hjsq_1.8.0_240424_5.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"d36e0jkwnyz61b.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835310/; classtype:trojan-activity;sid:83698410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835311)"; flow:established,from_client; content:"GET"; http_method; content:"/down/hls/hls_1.0.1_240430_1.apk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"d2kdqj6gjm17ok.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835311/; classtype:trojan-activity;sid:83698411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835309)"; flow:established,from_client; content:"GET"; http_method; content:"/down/51lieqi/51lieqi_1.5.0_240329_1.apk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"db4djqkh4h9v0.cloudfront.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835309/; classtype:trojan-activity;sid:83698409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835308)"; flow:established,from_client; content:"GET"; http_method; content:"/down/qd/qd_4.0.0_240320_2.apk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"d26r44l4vrn00m.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835308/; classtype:trojan-activity;sid:83698408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835307)"; flow:established,from_client; content:"GET"; http_method; content:"/down/awloly/awloly_2.0.4_240424_2.apk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"d36e0jkwnyz61b.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835307/; classtype:trojan-activity;sid:83698407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835306)"; flow:established,from_client; content:"GET"; http_method; content:"/down/hjgj/hjgj_1.1.0_240430_5.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"d2kdqj6gjm17ok.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835306/; classtype:trojan-activity;sid:83698406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835305)"; flow:established,from_client; content:"GET"; http_method; content:"/down/pz/pz_0318100.apk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"d2kdqj6gjm17ok.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835305/; classtype:trojan-activity;sid:83698405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835304)"; flow:established,from_client; content:"GET"; http_method; content:"/down/wwtt/wwtt_1.0.0_240430_1.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"d2kdqj6gjm17ok.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835304/; classtype:trojan-activity;sid:83698404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835303)"; flow:established,from_client; content:"GET"; http_method; content:"/down/hjsq/hjsq_1.8.0_240424_3.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"d36e0jkwnyz61b.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835303/; classtype:trojan-activity;sid:83698403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835302)"; flow:established,from_client; content:"GET"; http_method; content:"/down/hls/hls_1.0.1_240428_6.apk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"d36e0jkwnyz61b.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835302/; classtype:trojan-activity;sid:83698402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835301)"; flow:established,from_client; content:"GET"; http_method; content:"/down/aiss/aiss_0222_v1.5.0.apk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"d2kdqj6gjm17ok.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835301/; classtype:trojan-activity;sid:83698401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835300)"; flow:established,from_client; content:"GET"; http_method; content:"/down/awloly/awloly_2.0.4_240425_1.apk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"d36e0jkwnyz61b.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835300/; classtype:trojan-activity;sid:83698400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835299)"; flow:established,from_client; content:"GET"; http_method; content:"//down/gdpj/gdpj_3.9.0_240415_4.apk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"d2kdqj6gjm17ok.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835299/; classtype:trojan-activity;sid:83698399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835298)"; flow:established,from_client; content:"GET"; http_method; content:"/down/gd7u/gd7u_2.7.0_240430_5.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"d2kdqj6gjm17ok.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835298/; classtype:trojan-activity;sid:83698398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835297)"; flow:established,from_client; content:"GET"; http_method; content:"/down/hjgj/hjgj_1.1.0_240428_4.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"d36e0jkwnyz61b.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835297/; classtype:trojan-activity;sid:83698397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835296)"; flow:established,from_client; content:"GET"; http_method; content:"/down/awjq/awjq_1.4.0_240430_1.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"d2kdqj6gjm17ok.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835296/; classtype:trojan-activity;sid:83698396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835295)"; flow:established,from_client; content:"GET"; http_method; content:"/down/hjsq/hjsq_1.8.0_240402_4.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"db4djqkh4h9v0.cloudfront.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835295/; classtype:trojan-activity;sid:83698395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835294)"; flow:established,from_client; content:"GET"; http_method; content:"/antss/antandroid-v2.6.5-240104.apk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"db4djqkh4h9v0.cloudfront.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835294/; classtype:trojan-activity;sid:83698394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835290)"; flow:established,from_client; content:"GET"; http_method; content:"/down/awjq/awjq_1.4.0_240502_1.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"d2kdqj6gjm17ok.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835290/; classtype:trojan-activity;sid:83698390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835291)"; flow:established,from_client; content:"GET"; http_method; content:"/down/hjsq/hjsq_1.8.0_240410_4.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"db4djqkh4h9v0.cloudfront.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835291/; classtype:trojan-activity;sid:83698391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835292)"; flow:established,from_client; content:"GET"; http_method; content:"/down/hjgj/hjgj_1.1.0_240428_2.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"d36e0jkwnyz61b.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835292/; classtype:trojan-activity;sid:83698392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835293)"; flow:established,from_client; content:"GET"; http_method; content:"/down/awjq/awjq_1.4.0_240428_6.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"d36e0jkwnyz61b.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835293/; classtype:trojan-activity;sid:83698393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835288)"; flow:established,from_client; content:"GET"; http_method; content:"/down/hjsq/hjsq_1.8.0_240423_3.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"d36e0jkwnyz61b.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835288/; classtype:trojan-activity;sid:83698388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835289)"; flow:established,from_client; content:"GET"; http_method; content:"/down/91dy/91dy_1.0.1_240430_4.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"d2kdqj6gjm17ok.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835289/; classtype:trojan-activity;sid:83698389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835287)"; flow:established,from_client; content:"GET"; http_method; content:"/down/hjgj/hjgj_1.1.0_240427_3.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"d36e0jkwnyz61b.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835287/; classtype:trojan-activity;sid:83698387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835285)"; flow:established,from_client; content:"GET"; http_method; content:"/down/mbjd/mbjd_1.1.0_240430_1.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"d2kdqj6gjm17ok.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835285/; classtype:trojan-activity;sid:83698385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835286)"; flow:established,from_client; content:"GET"; http_method; content:"/down/51lieqi/51lieqi_1.5.0_240321_1.apk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"db4djqkh4h9v0.cloudfront.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835286/; classtype:trojan-activity;sid:83698386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835284)"; flow:established,from_client; content:"GET"; http_method; content:"/down/wwtt/wwtt_1.0.0_240502_1.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"d2kdqj6gjm17ok.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835284/; classtype:trojan-activity;sid:83698384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835283)"; flow:established,from_client; content:"GET"; http_method; content:"/down/hjsq/hjsq_1.8.0_240501_1.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"d2kdqj6gjm17ok.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835283/; classtype:trojan-activity;sid:83698383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835282)"; flow:established,from_client; content:"GET"; http_method; content:"/down/qd/qd_4.0.0_240320_2.apk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"db4djqkh4h9v0.cloudfront.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835282/; classtype:trojan-activity;sid:83698382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835281)"; flow:established,from_client; content:"GET"; http_method; content:"/down/awloly/awloly_2.0.5_240501_2.apk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"d2kdqj6gjm17ok.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835281/; classtype:trojan-activity;sid:83698381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835280)"; flow:established,from_client; content:"GET"; http_method; content:"/down/hls/hls_1.0.1_240430_2.apk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"d2kdqj6gjm17ok.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835280/; classtype:trojan-activity;sid:83698380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835279)"; flow:established,from_client; content:"GET"; http_method; content:"/antss/antandroid-v2.6.5-240104.apk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"d2kdqj6gjm17ok.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835279/; classtype:trojan-activity;sid:83698379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835278)"; flow:established,from_client; content:"GET"; http_method; content:"/down/awloly/awloly_2.0.4_240422_2.apk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"d36e0jkwnyz61b.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835278/; classtype:trojan-activity;sid:83698378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835277)"; flow:established,from_client; content:"GET"; http_method; content:"/down/gdpj/gdpj_3.9.0_240410_2.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"db4djqkh4h9v0.cloudfront.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835277/; classtype:trojan-activity;sid:83698377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835276)"; flow:established,from_client; content:"GET"; http_method; content:"/down/sgp/sgp_0429.apk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"d2kdqj6gjm17ok.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835276/; classtype:trojan-activity;sid:83698376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835275)"; flow:established,from_client; content:"GET"; http_method; content:"/down/hjsq/hjsq_1.8.0_240422_5.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"d36e0jkwnyz61b.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835275/; classtype:trojan-activity;sid:83698375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835272)"; flow:established,from_client; content:"GET"; http_method; content:"/down/gd7u/gd7u_2.7.0_240501_6.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"d2kdqj6gjm17ok.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835272/; classtype:trojan-activity;sid:83698372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835273)"; flow:established,from_client; content:"GET"; http_method; content:"/down/hjsq/hjsq_1.8.0_240427_3.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"d36e0jkwnyz61b.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835273/; classtype:trojan-activity;sid:83698373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835274)"; flow:established,from_client; content:"GET"; http_method; content:"/down/gd7u/gd7u_2.7.0_240429_1.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"d2kdqj6gjm17ok.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835274/; classtype:trojan-activity;sid:83698374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835271)"; flow:established,from_client; content:"GET"; http_method; content:"/down/mrds/mrds_110_03312147.apk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"db4djqkh4h9v0.cloudfront.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835271/; classtype:trojan-activity;sid:83698371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835270)"; flow:established,from_client; content:"GET"; http_method; content:"/antss/antandroid-v2.6.5-240104.apk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"d36e0jkwnyz61b.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835270/; classtype:trojan-activity;sid:83698370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835268)"; flow:established,from_client; content:"GET"; http_method; content:"/down/hjsq/hjsq_1.8.0_240426_5.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"d36e0jkwnyz61b.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835268/; classtype:trojan-activity;sid:83698368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835269)"; flow:established,from_client; content:"GET"; http_method; content:"/down/91pf/91pf_121_03161720.apk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"d36e0jkwnyz61b.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835269/; classtype:trojan-activity;sid:83698369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835267)"; flow:established,from_client; content:"GET"; http_method; content:"/down/hjsq/hjsq_1.8.0_240426_6.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"d36e0jkwnyz61b.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835267/; classtype:trojan-activity;sid:83698367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835266)"; flow:established,from_client; content:"GET"; http_method; content:"/down/qd/qd_4.0.1_240501_1.apk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"d2kdqj6gjm17ok.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835266/; classtype:trojan-activity;sid:83698366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835265)"; flow:established,from_client; content:"GET"; http_method; content:"/down/gd7u/gd7u_2.6.0_240410_3.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"db4djqkh4h9v0.cloudfront.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835265/; classtype:trojan-activity;sid:83698365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835264)"; flow:established,from_client; content:"GET"; http_method; content:"/down/hjsq/hjsq_1.8.0_240422_3.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"d36e0jkwnyz61b.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835264/; classtype:trojan-activity;sid:83698364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835261)"; flow:established,from_client; content:"GET"; http_method; content:"/down/awloly/awloly_2.0.5_240430_2.apk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"d2kdqj6gjm17ok.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835261/; classtype:trojan-activity;sid:83698361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835262)"; flow:established,from_client; content:"GET"; http_method; content:"/down/wwtt/wwtt_1.0.0_240501_2.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"d2kdqj6gjm17ok.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835262/; classtype:trojan-activity;sid:83698362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835263)"; flow:established,from_client; content:"GET"; http_method; content:"/down/qd/qd_4.0.0_240320_2.apk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"d36e0jkwnyz61b.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835263/; classtype:trojan-activity;sid:83698363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835260)"; flow:established,from_client; content:"GET"; http_method; content:"/down/91dy/91dy_1.0.1_240424_3.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"d36e0jkwnyz61b.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835260/; classtype:trojan-activity;sid:83698360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835259)"; flow:established,from_client; content:"GET"; http_method; content:"/down/51kt/51kt_3.4.3_240428_6.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"d2kdqj6gjm17ok.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835259/; classtype:trojan-activity;sid:83698359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835257)"; flow:established,from_client; content:"GET"; http_method; content:"/down/wwtt/wwtt_1.0.0_240501_1.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"d2kdqj6gjm17ok.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835257/; classtype:trojan-activity;sid:83698357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835258)"; flow:established,from_client; content:"GET"; http_method; content:"/down/xlp/xlp_4.6.3_240429_1.apk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"d2kdqj6gjm17ok.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835258/; classtype:trojan-activity;sid:83698358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835256)"; flow:established,from_client; content:"GET"; http_method; content:"/down/hjgj/hjgj_1.1.0_240426_4.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"d36e0jkwnyz61b.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835256/; classtype:trojan-activity;sid:83698356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835255)"; flow:established,from_client; content:"GET"; http_method; content:"/down/awloly/awloly_2.0.4_240427_3.apk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"d36e0jkwnyz61b.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835255/; classtype:trojan-activity;sid:83698355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835254)"; flow:established,from_client; content:"GET"; http_method; content:"/down/hjgj/hjgj_1.1.0_240428_5.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"d36e0jkwnyz61b.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835254/; classtype:trojan-activity;sid:83698354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835252)"; flow:established,from_client; content:"GET"; http_method; content:"/down/aiss/aiss_0222_v1.5.0.apk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"db4djqkh4h9v0.cloudfront.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835252/; classtype:trojan-activity;sid:83698352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835253)"; flow:established,from_client; content:"GET"; http_method; content:"/down/51kt/51kt_3.4.3_240501_6.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"d2kdqj6gjm17ok.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835253/; classtype:trojan-activity;sid:83698353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835251)"; flow:established,from_client; content:"GET"; http_method; content:"/down/hjgj/hjgj_1.1.0_240502_2.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"d2kdqj6gjm17ok.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835251/; classtype:trojan-activity;sid:83698351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835248)"; flow:established,from_client; content:"GET"; http_method; content:"/down/awloly/awloly_2.0.5_240501_6.apk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"d2kdqj6gjm17ok.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835248/; classtype:trojan-activity;sid:83698348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835249)"; flow:established,from_client; content:"GET"; http_method; content:"/down/gd7u/gd7u_2.7.0_240430_3.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"d2kdqj6gjm17ok.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835249/; classtype:trojan-activity;sid:83698349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835250)"; flow:established,from_client; content:"GET"; http_method; content:"/down/gdpj/gdpj_3.9.0_240321_1.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"db4djqkh4h9v0.cloudfront.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835250/; classtype:trojan-activity;sid:83698350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835245)"; flow:established,from_client; content:"GET"; http_method; content:"/android/sosojsq_05.10.apk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"down.sosoz.xyz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835245/; classtype:trojan-activity;sid:83698345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835246)"; flow:established,from_client; content:"GET"; http_method; content:"/down/hjsq/hjsq_1.8.0_240410_3.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"db4djqkh4h9v0.cloudfront.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835246/; classtype:trojan-activity;sid:83698346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835247)"; flow:established,from_client; content:"GET"; http_method; content:"/down/mbjd/mbjd_1.1.0_240428_5.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"d36e0jkwnyz61b.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835247/; classtype:trojan-activity;sid:83698347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835244)"; flow:established,from_client; content:"GET"; http_method; content:"/down/zpcpj/zpcpj_1.7.0_240502_1.apk"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"d2kdqj6gjm17ok.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835244/; classtype:trojan-activity;sid:83698344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835243)"; flow:established,from_client; content:"GET"; http_method; content:"/down/qd/qd_4.0.1_240501_4.apk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"d2kdqj6gjm17ok.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835243/; classtype:trojan-activity;sid:83698343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835242)"; flow:established,from_client; content:"GET"; http_method; content:"/down/gdpj/gdpj_3.9.0_240407_2.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"db4djqkh4h9v0.cloudfront.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835242/; classtype:trojan-activity;sid:83698342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835241)"; flow:established,from_client; content:"GET"; http_method; content:"/down/hjsq/hjsq_1.8.0_240429_4.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"d2kdqj6gjm17ok.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835241/; classtype:trojan-activity;sid:83698341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835240)"; flow:established,from_client; content:"GET"; http_method; content:"/down/51kt/51kt_3.4.3_240501_4.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"d2kdqj6gjm17ok.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835240/; classtype:trojan-activity;sid:83698340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835239)"; flow:established,from_client; content:"GET"; http_method; content:"/down/cgw/cgw_0323100.apk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"db4djqkh4h9v0.cloudfront.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835239/; classtype:trojan-activity;sid:83698339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835237)"; flow:established,from_client; content:"GET"; http_method; content:"/down/hjsq/hjsq_1.8.0_240502_1.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"d2kdqj6gjm17ok.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835237/; classtype:trojan-activity;sid:83698337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835238)"; flow:established,from_client; content:"GET"; http_method; content:"/down/awloly/awloly_2.0.5_240429_5.apk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"d2kdqj6gjm17ok.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835238/; classtype:trojan-activity;sid:83698338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835236)"; flow:established,from_client; content:"GET"; http_method; content:"/down/hls/hls_1.0.1_240501_5.apk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"d2kdqj6gjm17ok.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835236/; classtype:trojan-activity;sid:83698336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835235)"; flow:established,from_client; content:"GET"; http_method; content:"/down/gd7u/gd7u_2.7.0_240426_6.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"d36e0jkwnyz61b.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835235/; classtype:trojan-activity;sid:83698335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835234)"; flow:established,from_client; content:"GET"; http_method; content:"/down/qd/qd_4.0.1_240430_5.apk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"d2kdqj6gjm17ok.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835234/; classtype:trojan-activity;sid:83698334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835233)"; flow:established,from_client; content:"GET"; http_method; content:"/down/awloly/awloly_2.0.5_240502_1.apk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"d2kdqj6gjm17ok.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835233/; classtype:trojan-activity;sid:83698333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835231)"; flow:established,from_client; content:"GET"; http_method; content:"/down/hjgj/hjgj_1.1.0_240427_2.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"d36e0jkwnyz61b.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835231/; classtype:trojan-activity;sid:83698331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835232)"; flow:established,from_client; content:"GET"; http_method; content:"/down/hjsq/hjsq_1.8.0_240410_5.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"db4djqkh4h9v0.cloudfront.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835232/; classtype:trojan-activity;sid:83698332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835230)"; flow:established,from_client; content:"GET"; http_method; content:"/down/wwtt/wwtt_1.0.0_240501_4.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"d2kdqj6gjm17ok.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835230/; classtype:trojan-activity;sid:83698330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835229)"; flow:established,from_client; content:"GET"; http_method; content:"/down/hjgj/hjgj_1.1.0_240424_2.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"d36e0jkwnyz61b.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835229/; classtype:trojan-activity;sid:83698329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835228)"; flow:established,from_client; content:"GET"; http_method; content:"/down/gdpj/gdpj_3.9.0_240404_4.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"db4djqkh4h9v0.cloudfront.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835228/; classtype:trojan-activity;sid:83698328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835227)"; flow:established,from_client; content:"GET"; http_method; content:"/down/awjq/awjq_1.4.0_240430_6.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"d2kdqj6gjm17ok.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835227/; classtype:trojan-activity;sid:83698327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835223)"; flow:established,from_client; content:"GET"; http_method; content:"///down/51lieqi/51lieqi_1.5.0_240413_4.apk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"d26r44l4vrn00m.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835223/; classtype:trojan-activity;sid:83698323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835224)"; flow:established,from_client; content:"GET"; http_method; content:"/down/gd7u/gd7u_2.7.0_240430_6.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"d2kdqj6gjm17ok.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835224/; classtype:trojan-activity;sid:83698324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835225)"; flow:established,from_client; content:"GET"; http_method; content:"/down/hjsq/hjsq_1.8.0_240428_6.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"d36e0jkwnyz61b.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835225/; classtype:trojan-activity;sid:83698325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835226)"; flow:established,from_client; content:"GET"; http_method; content:"/down/hjgj/hjgj_1.1.0_240502_1.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"d2kdqj6gjm17ok.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835226/; classtype:trojan-activity;sid:83698326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835222)"; flow:established,from_client; content:"GET"; http_method; content:"/down/51kt/51kt_3.4.3_240428_4.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"d36e0jkwnyz61b.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835222/; classtype:trojan-activity;sid:83698322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835220)"; flow:established,from_client; content:"GET"; http_method; content:"/down/51kt/51kt_3.4.3_240428_6.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"d36e0jkwnyz61b.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835220/; classtype:trojan-activity;sid:83698320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835221)"; flow:established,from_client; content:"GET"; http_method; content:"/down/gdpj/gdpj_3.9.0_240321_2.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"db4djqkh4h9v0.cloudfront.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835221/; classtype:trojan-activity;sid:83698321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835218)"; flow:established,from_client; content:"GET"; http_method; content:"/down/awjq/awjq_1.4.0_240430_2.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"d2kdqj6gjm17ok.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835218/; classtype:trojan-activity;sid:83698318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835219)"; flow:established,from_client; content:"GET"; http_method; content:"/down/hjsq/hjsq_1.8.0_240409_2.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"db4djqkh4h9v0.cloudfront.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835219/; classtype:trojan-activity;sid:83698319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835216)"; flow:established,from_client; content:"GET"; http_method; content:"/down/51kt/51kt_3.4.3_240501_5.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"d2kdqj6gjm17ok.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835216/; classtype:trojan-activity;sid:83698316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835217)"; flow:established,from_client; content:"GET"; http_method; content:"/down/91dy/91dy_1.0.1_240427_1.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"d36e0jkwnyz61b.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835217/; classtype:trojan-activity;sid:83698317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835215)"; flow:established,from_client; content:"GET"; http_method; content:"/down/gd7u/gd7u_2.6.0_240408_2.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"db4djqkh4h9v0.cloudfront.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835215/; classtype:trojan-activity;sid:83698315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835213)"; flow:established,from_client; content:"GET"; http_method; content:"/down/hjgj/hjgj_1.1.0_240424_1.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"d36e0jkwnyz61b.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835213/; classtype:trojan-activity;sid:83698313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835214)"; flow:established,from_client; content:"GET"; http_method; content:"/down/mrds/mrds_120_04242229.apk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"d36e0jkwnyz61b.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835214/; classtype:trojan-activity;sid:83698314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835212)"; flow:established,from_client; content:"GET"; http_method; content:"/down/awjq/awjq_1.4.0_240408_2.apk|3f|v=1"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"db4djqkh4h9v0.cloudfront.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835212/; classtype:trojan-activity;sid:83698312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835211)"; flow:established,from_client; content:"GET"; http_method; content:"/down/awloly/awloly_2.0.5_240501_5.apk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"d2kdqj6gjm17ok.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835211/; classtype:trojan-activity;sid:83698311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835210)"; flow:established,from_client; content:"GET"; http_method; content:"/down/hjsq/hjsq_1.8.0_240424_6.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"d36e0jkwnyz61b.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835210/; classtype:trojan-activity;sid:83698310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835209)"; flow:established,from_client; content:"GET"; http_method; content:"/down/51kt/51kt_3.4.3_240428_5.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"d36e0jkwnyz61b.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835209/; classtype:trojan-activity;sid:83698309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835208)"; flow:established,from_client; content:"GET"; http_method; content:"//down/gdpj/gdpj_3.9.0_240415_4.apk"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"d36e0jkwnyz61b.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835208/; classtype:trojan-activity;sid:83698308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835206)"; flow:established,from_client; content:"GET"; http_method; content:"/down/hjgj/hjgj_1.1.0_240501_6.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"d2kdqj6gjm17ok.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835206/; classtype:trojan-activity;sid:83698306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835207)"; flow:established,from_client; content:"GET"; http_method; content:"/down/qd/qd_4.0.0_240319_4.apk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"db4djqkh4h9v0.cloudfront.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835207/; classtype:trojan-activity;sid:83698307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835205)"; flow:established,from_client; content:"GET"; http_method; content:"/down/hjsq/hjsq_1.8.0_240425_6.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"d36e0jkwnyz61b.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835205/; classtype:trojan-activity;sid:83698305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835204)"; flow:established,from_client; content:"GET"; http_method; content:"/down/51kt/51kt_3.4.3_240430_2.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"d2kdqj6gjm17ok.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835204/; classtype:trojan-activity;sid:83698304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835202)"; flow:established,from_client; content:"GET"; http_method; content:"/down/51lieqi/51lieqi_1.5.0_240501_3.apk"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"d2kdqj6gjm17ok.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835202/; classtype:trojan-activity;sid:83698302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835203)"; flow:established,from_client; content:"GET"; http_method; content:"/down/hjsq/hjsq_1.8.0_240429_6.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"d2kdqj6gjm17ok.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835203/; classtype:trojan-activity;sid:83698303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835201)"; flow:established,from_client; content:"GET"; http_method; content:"/android/sosojsq_05.10.apk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"down.sosoo.xyz"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835201/; classtype:trojan-activity;sid:83698301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835199)"; flow:established,from_client; content:"GET"; http_method; content:"/down/91pf/91pf_121_03161720.apk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"d2kdqj6gjm17ok.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835199/; classtype:trojan-activity;sid:83698299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835200)"; flow:established,from_client; content:"GET"; http_method; content:"/down/qd/qd_4.0.1_240502_2.apk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"d2kdqj6gjm17ok.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835200/; classtype:trojan-activity;sid:83698300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835196)"; flow:established,from_client; content:"GET"; http_method; content:"/lu/lusir_0422.apk"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"d2kdqj6gjm17ok.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835196/; classtype:trojan-activity;sid:83698296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835197)"; flow:established,from_client; content:"GET"; http_method; content:"/down/mrds/mrds_120_04301402.apk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"d2kdqj6gjm17ok.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835197/; classtype:trojan-activity;sid:83698297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835198)"; flow:established,from_client; content:"GET"; http_method; content:"/down/aiss/aiss_0222_v1.5.0.apk"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"d36e0jkwnyz61b.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835198/; classtype:trojan-activity;sid:83698298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835195)"; flow:established,from_client; content:"GET"; http_method; content:"/down/mrds/mrds_111_03051715.apk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"db4djqkh4h9v0.cloudfront.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835195/; classtype:trojan-activity;sid:83698295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835193)"; flow:established,from_client; content:"GET"; http_method; content:"/down/51kt/51kt_3.4.3_240430_4.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"d2kdqj6gjm17ok.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835193/; classtype:trojan-activity;sid:83698293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835194)"; flow:established,from_client; content:"GET"; http_method; content:"/down/hls/hls_1.0.1_240427_2.apk"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"d36e0jkwnyz61b.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835194/; classtype:trojan-activity;sid:83698294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835192)"; flow:established,from_client; content:"GET"; http_method; content:"/down/51kt/51kt_3.4.3_240428_2.apk"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"d36e0jkwnyz61b.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835192/; classtype:trojan-activity;sid:83698292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835191)"; flow:established,from_client; content:"GET"; http_method; content:"/down/202403211335_xlp.apk"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"d2mlls8dsnofna.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835191/; classtype:trojan-activity;sid:83698291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835190)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.220.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835190/; classtype:trojan-activity;sid:83698290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835189)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.60.249.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835189/; classtype:trojan-activity;sid:83698289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835188)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.179.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835188/; classtype:trojan-activity;sid:83698288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835187)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.104.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835187/; classtype:trojan-activity;sid:83698287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835186)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.65.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835186/; classtype:trojan-activity;sid:83698286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835185)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.53.36.200"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835185/; classtype:trojan-activity;sid:83698285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835184)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.202.90.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835184/; classtype:trojan-activity;sid:83698284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835183)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.76.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835183/; classtype:trojan-activity;sid:83698283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835181)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.188.115.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835181/; classtype:trojan-activity;sid:83698281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835182)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.33.18.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835182/; classtype:trojan-activity;sid:83698282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835180)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.196.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835180/; classtype:trojan-activity;sid:83698280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835179)"; flow:established,from_client; content:"GET"; http_method; content:"/kkw7e0xiz2yghzoa0lemotip9z-inpwklffl_2khwae4q3fg4wtrrpesxks45sxs3znv9jpwv6-_v-nqvxvbudsvdkbetiyqrcwdynbaoh-th3pksz8ajokvpg0ewkx4xz9rkwspd811m3lzy6_jup-v184lcbgvdlk1xini06lt3-n8/ln5yfcyz9suo71g/enquiry.tgz"; http_uri; depth:205; isdataat:!1,relative; nocase; content:"download2324.mediafire.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835179/; classtype:trojan-activity;sid:83698279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835178)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.187.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835178/; classtype:trojan-activity;sid:83698278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835177)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.147.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835177/; classtype:trojan-activity;sid:83698277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835176)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.177.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835176/; classtype:trojan-activity;sid:83698276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835175)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.220.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835175/; classtype:trojan-activity;sid:83698275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835174)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.210.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835174/; classtype:trojan-activity;sid:83698274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835173)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.194.72.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835173/; classtype:trojan-activity;sid:83698273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835172)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.176.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835172/; classtype:trojan-activity;sid:83698272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835171)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.164.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835171/; classtype:trojan-activity;sid:83698271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835170)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.179.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835170/; classtype:trojan-activity;sid:83698270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835169)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.82.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835169/; classtype:trojan-activity;sid:83698269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835168)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.147.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835168/; classtype:trojan-activity;sid:83698268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835167)"; flow:established,from_client; content:"GET"; http_method; content:"/load/download.php|3f|c=1000"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"d2m54y8a2kdtj1.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835167/; classtype:trojan-activity;sid:83698267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835166)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.152.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835166/; classtype:trojan-activity;sid:83698266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835164)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.61.93.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835164/; classtype:trojan-activity;sid:83698264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835165)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.116.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835165/; classtype:trojan-activity;sid:83698265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835160)"; flow:established,from_client; content:"GET"; http_method; content:"//down/tiktok/tiktok_2.3.0_240415_1.apk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"d26r44l4vrn00m.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835160/; classtype:trojan-activity;sid:83698260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835161)"; flow:established,from_client; content:"GET"; http_method; content:"//down/tiktok/tiktok_2.3.0_240413_5.apk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"d26r44l4vrn00m.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835161/; classtype:trojan-activity;sid:83698261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835162)"; flow:established,from_client; content:"GET"; http_method; content:"//down/tiktok/tiktok_2.3.0_240414_4.apk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"d26r44l4vrn00m.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835162/; classtype:trojan-activity;sid:83698262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835163)"; flow:established,from_client; content:"GET"; http_method; content:"//down/tiktok/tiktok_2.3.0_240420_3.apk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"d26r44l4vrn00m.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835163/; classtype:trojan-activity;sid:83698263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835158)"; flow:established,from_client; content:"GET"; http_method; content:"//down/tiktok/tiktok_2.3.0_240412_3.apk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"d26r44l4vrn00m.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835158/; classtype:trojan-activity;sid:83698258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835159)"; flow:established,from_client; content:"GET"; http_method; content:"//down/tiktok/tiktok_2.3.0_240414_5.apk"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"d26r44l4vrn00m.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835159/; classtype:trojan-activity;sid:83698259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835157)"; flow:established,from_client; content:"GET"; http_method; content:"/down/tiktok/tiktok_2.4.1_240427_1.apk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"d36e0jkwnyz61b.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835157/; classtype:trojan-activity;sid:83698257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835156)"; flow:established,from_client; content:"GET"; http_method; content:"/down/tiktok/tiktok_2.4.1_240501_6.apk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"d2kdqj6gjm17ok.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835156/; classtype:trojan-activity;sid:83698256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835152)"; flow:established,from_client; content:"GET"; http_method; content:"/down/tiktok/tiktok_2.4.1_240427_6.apk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"d36e0jkwnyz61b.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835152/; classtype:trojan-activity;sid:83698252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835153)"; flow:established,from_client; content:"GET"; http_method; content:"/down/tiktok/tiktok_2.3.0_240402_3.apk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"db4djqkh4h9v0.cloudfront.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835153/; classtype:trojan-activity;sid:83698253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835154)"; flow:established,from_client; content:"GET"; http_method; content:"/down/tiktok/tiktok_2.3.0_240409_1.apk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"db4djqkh4h9v0.cloudfront.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835154/; classtype:trojan-activity;sid:83698254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835155)"; flow:established,from_client; content:"GET"; http_method; content:"/down/tiktok/tiktok_2.4.1_240426_7.apk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"d36e0jkwnyz61b.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835155/; classtype:trojan-activity;sid:83698255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835151)"; flow:established,from_client; content:"GET"; http_method; content:"/down/tiktok/tiktok_2.4.1_240430_3.apk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"d2kdqj6gjm17ok.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835151/; classtype:trojan-activity;sid:83698251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835150)"; flow:established,from_client; content:"GET"; http_method; content:"/down/tiktok/tiktok_2.4.1_240501_5.apk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"d2kdqj6gjm17ok.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835150/; classtype:trojan-activity;sid:83698250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835149)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.112.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835149/; classtype:trojan-activity;sid:83698249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835148)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.70.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835148/; classtype:trojan-activity;sid:83698248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835147)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.195.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835147/; classtype:trojan-activity;sid:83698247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835146)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.37.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835146/; classtype:trojan-activity;sid:83698246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835145)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.112.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835145/; classtype:trojan-activity;sid:83698245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835144)"; flow:established,from_client; content:"GET"; http_method; content:"/down/tiktok/tiktok_2.4.1_240502_1.apk"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"d2kdqj6gjm17ok.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835144/; classtype:trojan-activity;sid:83698244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835142)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.164.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835142/; classtype:trojan-activity;sid:83698242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835143)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.206.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835143/; classtype:trojan-activity;sid:83698243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835141)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.61.149.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835141/; classtype:trojan-activity;sid:83698241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835140)"; flow:established,from_client; content:"GET"; http_method; content:"/static/tt/ready.apk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"tk.coachesinspain.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835140/; classtype:trojan-activity;sid:83698240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835139)"; flow:established,from_client; content:"GET"; http_method; content:"/ready.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"eku365.vip"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835139/; classtype:trojan-activity;sid:83698239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835137)"; flow:established,from_client; content:"GET"; http_method; content:"/ready.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"68tiyu.tv"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835137/; classtype:trojan-activity;sid:83698237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835138)"; flow:established,from_client; content:"GET"; http_method; content:"/ready.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"68tiyu.net"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835138/; classtype:trojan-activity;sid:83698238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835123)"; flow:established,from_client; content:"GET"; http_method; content:"/ready.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"bcshopfe.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835123/; classtype:trojan-activity;sid:83698223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835124)"; flow:established,from_client; content:"GET"; http_method; content:"/static/tiktok/ready.apk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"gawx.florenda.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835124/; classtype:trojan-activity;sid:83698224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835125)"; flow:established,from_client; content:"GET"; http_method; content:"/ready.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"m.68tiyu.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835125/; classtype:trojan-activity;sid:83698225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835126)"; flow:established,from_client; content:"GET"; http_method; content:"/ready.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"m.68tiyu.cc"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835126/; classtype:trojan-activity;sid:83698226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835127)"; flow:established,from_client; content:"GET"; http_method; content:"/ready.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"m.68tiyu.tv"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835127/; classtype:trojan-activity;sid:83698227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835128)"; flow:established,from_client; content:"GET"; http_method; content:"/ready.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.68tiyu.tv"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835128/; classtype:trojan-activity;sid:83698228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835129)"; flow:established,from_client; content:"GET"; http_method; content:"/ready.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.68tiyu.cc"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835129/; classtype:trojan-activity;sid:83698229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835130)"; flow:established,from_client; content:"GET"; http_method; content:"/ready.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"68tiyu.vip"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835130/; classtype:trojan-activity;sid:83698230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835131)"; flow:established,from_client; content:"GET"; http_method; content:"/ready.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.68tiyu.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835131/; classtype:trojan-activity;sid:83698231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835132)"; flow:established,from_client; content:"GET"; http_method; content:"/static/tiktok/ready.apk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"tiktok.florenda.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835132/; classtype:trojan-activity;sid:83698232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835133)"; flow:established,from_client; content:"GET"; http_method; content:"/ready.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"m.68tiyu.vip"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835133/; classtype:trojan-activity;sid:83698233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835134)"; flow:established,from_client; content:"GET"; http_method; content:"/ready.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"68tiyu.cc"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835134/; classtype:trojan-activity;sid:83698234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835135)"; flow:established,from_client; content:"GET"; http_method; content:"/ready.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.68tiyu.vip"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835135/; classtype:trojan-activity;sid:83698235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835136)"; flow:established,from_client; content:"GET"; http_method; content:"/ready.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"login.rubioguzman.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835136/; classtype:trojan-activity;sid:83698236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835121)"; flow:established,from_client; content:"GET"; http_method; content:"/static/tt/ready.apk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"tk.coachesinspain.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835121/; classtype:trojan-activity;sid:83698221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835122)"; flow:established,from_client; content:"GET"; http_method; content:"/static/tiktok/ready.apk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"gawx.florenda.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835122/; classtype:trojan-activity;sid:83698222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835120)"; flow:established,from_client; content:"GET"; http_method; content:"/static/kk/ready.apk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"tt.coachesinspain.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835120/; classtype:trojan-activity;sid:83698220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835119)"; flow:established,from_client; content:"GET"; http_method; content:"/static/kk/ready.apk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"tt.coachesinspain.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835119/; classtype:trojan-activity;sid:83698219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835117)"; flow:established,from_client; content:"GET"; http_method; content:"/tiktok/ready.apk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"tiktok.coachesinspain.comstatic"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835117/; classtype:trojan-activity;sid:83698217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835118)"; flow:established,from_client; content:"GET"; http_method; content:"/tiktok/ready.apk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"tiktok.coachesinspain.comstatic"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835118/; classtype:trojan-activity;sid:83698218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835116)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.164.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835116/; classtype:trojan-activity;sid:83698216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835115)"; flow:established,from_client; content:"GET"; http_method; content:"/cost/sarra.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"193.233.132.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835115/; classtype:trojan-activity;sid:83698215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835114)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.186.60.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835114/; classtype:trojan-activity;sid:83698214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835113)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.205.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835113/; classtype:trojan-activity;sid:83698213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835112)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.45.128.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835112/; classtype:trojan-activity;sid:83698212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835111)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.199.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835111/; classtype:trojan-activity;sid:83698211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835110)"; flow:established,from_client; content:"GET"; http_method; content:"/ready1.apk"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"103.99.62.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835110/; classtype:trojan-activity;sid:83698210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835109)"; flow:established,from_client; content:"GET"; http_method; content:"/ready1.apk"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"103.99.62.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835109/; classtype:trojan-activity;sid:83698209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835108)"; flow:established,from_client; content:"GET"; http_method; content:"/ready1.apk"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"103.99.62.12"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835108/; classtype:trojan-activity;sid:83698208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835107)"; flow:established,from_client; content:"GET"; http_method; content:"/ready1.apk"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"103.99.62.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835107/; classtype:trojan-activity;sid:83698207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835105)"; flow:established,from_client; content:"GET"; http_method; content:"/ready1.apk"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"103.99.62.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835105/; classtype:trojan-activity;sid:83698205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835106)"; flow:established,from_client; content:"GET"; http_method; content:"/ready1.apk"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"103.99.62.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835106/; classtype:trojan-activity;sid:83698206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835104)"; flow:established,from_client; content:"GET"; http_method; content:"/ready1.apk"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"47.57.184.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835104/; classtype:trojan-activity;sid:83698204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835103)"; flow:established,from_client; content:"GET"; http_method; content:"/ready1.apk"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"47.57.184.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835103/; classtype:trojan-activity;sid:83698203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835101)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.198.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835101/; classtype:trojan-activity;sid:83698201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835102)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.242.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835102/; classtype:trojan-activity;sid:83698202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835100)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.205.255"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835100/; classtype:trojan-activity;sid:83698200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835096)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.245.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835096/; classtype:trojan-activity;sid:83698196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835097)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.155.221.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835097/; classtype:trojan-activity;sid:83698197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835098)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.29.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835098/; classtype:trojan-activity;sid:83698198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835099)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.37.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835099/; classtype:trojan-activity;sid:83698199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835094)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.255.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835094/; classtype:trojan-activity;sid:83698194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835095)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.191.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835095/; classtype:trojan-activity;sid:83698195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835093)"; flow:established,from_client; content:"GET"; http_method; content:"/ready.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"202.95.1.245"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835093/; classtype:trojan-activity;sid:83698193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835091)"; flow:established,from_client; content:"GET"; http_method; content:"/ready.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.145.22.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835091/; classtype:trojan-activity;sid:83698191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835092)"; flow:established,from_client; content:"GET"; http_method; content:"/ready.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.145.22.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835092/; classtype:trojan-activity;sid:83698192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835090)"; flow:established,from_client; content:"GET"; http_method; content:"/ready.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.145.22.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835090/; classtype:trojan-activity;sid:83698190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835089)"; flow:established,from_client; content:"GET"; http_method; content:"/ready.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.57.7.44"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835089/; classtype:trojan-activity;sid:83698189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835088)"; flow:established,from_client; content:"GET"; http_method; content:"/ready.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"47.57.7.44"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835088/; classtype:trojan-activity;sid:83698188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835087)"; flow:established,from_client; content:"GET"; http_method; content:"/ready.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.145.22.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835087/; classtype:trojan-activity;sid:83698187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835085)"; flow:established,from_client; content:"GET"; http_method; content:"/ready.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.148.125.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835085/; classtype:trojan-activity;sid:83698185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835086)"; flow:established,from_client; content:"GET"; http_method; content:"/ready.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.148.125.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835086/; classtype:trojan-activity;sid:83698186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835084)"; flow:established,from_client; content:"GET"; http_method; content:"/ready.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.145.22.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835084/; classtype:trojan-activity;sid:83698184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835083)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.206.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835083/; classtype:trojan-activity;sid:83698183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835082)"; flow:established,from_client; content:"GET"; http_method; content:"/ready.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.145.22.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835082/; classtype:trojan-activity;sid:83698182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835081)"; flow:established,from_client; content:"GET"; http_method; content:"/ready.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.93.68.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835081/; classtype:trojan-activity;sid:83698181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835080)"; flow:established,from_client; content:"GET"; http_method; content:"/ready1.apk"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"103.148.125.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835080/; classtype:trojan-activity;sid:83698180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835079)"; flow:established,from_client; content:"GET"; http_method; content:"/ready.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.142.244.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835079/; classtype:trojan-activity;sid:83698179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835077)"; flow:established,from_client; content:"GET"; http_method; content:"/ready.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"95.214.177.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835077/; classtype:trojan-activity;sid:83698177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835078)"; flow:established,from_client; content:"GET"; http_method; content:"/ready.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.142.244.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835078/; classtype:trojan-activity;sid:83698178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835076)"; flow:established,from_client; content:"GET"; http_method; content:"/ready.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"95.214.177.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835076/; classtype:trojan-activity;sid:83698176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835075)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/ready.apk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"43.159.133.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835075/; classtype:trojan-activity;sid:83698175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835074)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.113.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835074/; classtype:trojan-activity;sid:83698174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835073)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.235.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835073/; classtype:trojan-activity;sid:83698173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835072)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.82.199"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835072/; classtype:trojan-activity;sid:83698172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835071)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.207.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835071/; classtype:trojan-activity;sid:83698171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835069)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.110.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835069/; classtype:trojan-activity;sid:83698169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835070)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.208.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835070/; classtype:trojan-activity;sid:83698170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835068)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.206.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835068/; classtype:trojan-activity;sid:83698168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835067)"; flow:established,from_client; content:"GET"; http_method; content:"/ready.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"154.9.255.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835067/; classtype:trojan-activity;sid:83698167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835066)"; flow:established,from_client; content:"GET"; http_method; content:"/udvejningernes.aaf"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"87.121.105.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835066/; classtype:trojan-activity;sid:83698166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835065)"; flow:established,from_client; content:"GET"; http_method; content:"/svileh127.bin"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"87.121.105.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835065/; classtype:trojan-activity;sid:83698165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835063)"; flow:established,from_client; content:"GET"; http_method; content:"/ready.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"149.88.85.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835063/; classtype:trojan-activity;sid:83698163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835064)"; flow:established,from_client; content:"GET"; http_method; content:"/ready.apk%20(2)"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"149.88.85.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835064/; classtype:trojan-activity;sid:83698164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835062)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.62.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835062/; classtype:trojan-activity;sid:83698162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835061)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.234.182.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835061/; classtype:trojan-activity;sid:83698161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835060)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.56.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835060/; classtype:trojan-activity;sid:83698160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835059)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.52.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835059/; classtype:trojan-activity;sid:83698159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835058)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.205.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835058/; classtype:trojan-activity;sid:83698158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835057)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.78.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835057/; classtype:trojan-activity;sid:83698157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835056)"; flow:established,from_client; content:"GET"; http_method; content:"/cost/random.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"193.233.132.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835056/; classtype:trojan-activity;sid:83698156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835055)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.236.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835055/; classtype:trojan-activity;sid:83698155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835054)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.117.61.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835054/; classtype:trojan-activity;sid:83698154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835053)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.203.181.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835053/; classtype:trojan-activity;sid:83698153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835052)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.137.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835052/; classtype:trojan-activity;sid:83698152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835051)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.74.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835051/; classtype:trojan-activity;sid:83698151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835050)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.62.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835050/; classtype:trojan-activity;sid:83698150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835049)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.197.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835049/; classtype:trojan-activity;sid:83698149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835048)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.52.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835048/; classtype:trojan-activity;sid:83698148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835047)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.244.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835047/; classtype:trojan-activity;sid:83698147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835046)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.105.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835046/; classtype:trojan-activity;sid:83698146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835045)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.137.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835045/; classtype:trojan-activity;sid:83698145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835044)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.187.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835044/; classtype:trojan-activity;sid:83698144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835043)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.117.61.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835043/; classtype:trojan-activity;sid:83698143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835042)"; flow:established,from_client; content:"GET"; http_method; content:"/noa.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"192.3.239.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835042/; classtype:trojan-activity;sid:83698142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835041)"; flow:established,from_client; content:"GET"; http_method; content:"/uws0pm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"wheel.to"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835041/; classtype:trojan-activity;sid:83698141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835040)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.199.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835040/; classtype:trojan-activity;sid:83698140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835039)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.5.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835039/; classtype:trojan-activity;sid:83698139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835038)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.187.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835038/; classtype:trojan-activity;sid:83698138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835037)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.80.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835037/; classtype:trojan-activity;sid:83698137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835036)"; flow:established,from_client; content:"GET"; http_method; content:"/mine/amert.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"193.233.132.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835036/; classtype:trojan-activity;sid:83698136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835035)"; flow:established,from_client; content:"GET"; http_method; content:"/mine/random.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"193.233.132.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835035/; classtype:trojan-activity;sid:83698135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835034)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.211.71.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835034/; classtype:trojan-activity;sid:83698134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835033)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.194.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835033/; classtype:trojan-activity;sid:83698133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835032)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.95.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835032/; classtype:trojan-activity;sid:83698132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835031)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.74.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835031/; classtype:trojan-activity;sid:83698131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835030)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.244.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835030/; classtype:trojan-activity;sid:83698130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835029)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.56.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835029/; classtype:trojan-activity;sid:83698129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835028)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.75.105"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835028/; classtype:trojan-activity;sid:83698128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835027)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.71.238"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835027/; classtype:trojan-activity;sid:83698127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835026)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.51.54.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835026/; classtype:trojan-activity;sid:83698126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835024)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.76.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835024/; classtype:trojan-activity;sid:83698124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835025)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.185.101.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835025/; classtype:trojan-activity;sid:83698125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835023)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.237.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835023/; classtype:trojan-activity;sid:83698123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835022)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.80.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835022/; classtype:trojan-activity;sid:83698122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835021)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.11.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835021/; classtype:trojan-activity;sid:83698121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835020)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.2.21"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835020/; classtype:trojan-activity;sid:83698120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835019)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.95.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835019/; classtype:trojan-activity;sid:83698119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835016)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.211.71.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835016/; classtype:trojan-activity;sid:83698116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835017)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.215.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835017/; classtype:trojan-activity;sid:83698117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835018)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.16.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835018/; classtype:trojan-activity;sid:83698118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835015)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.204.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835015/; classtype:trojan-activity;sid:83698115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835013)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.75.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835013/; classtype:trojan-activity;sid:83698113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835014)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.201.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835014/; classtype:trojan-activity;sid:83698114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835012)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.75.105"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835012/; classtype:trojan-activity;sid:83698112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835011)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.2.21"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835011/; classtype:trojan-activity;sid:83698111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835010)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.181.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835010/; classtype:trojan-activity;sid:83698110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835009)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.70.25.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835009/; classtype:trojan-activity;sid:83698109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835008)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.117.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835008/; classtype:trojan-activity;sid:83698108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835007)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.213.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835007/; classtype:trojan-activity;sid:83698107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835006)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.235.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835006/; classtype:trojan-activity;sid:83698106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835004)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.178.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835004/; classtype:trojan-activity;sid:83698104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835005)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.207.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835005/; classtype:trojan-activity;sid:83698105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835003)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.52.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835003/; classtype:trojan-activity;sid:83698103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835002)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.232.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835002/; classtype:trojan-activity;sid:83698102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835001)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.52.75.154"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835001/; classtype:trojan-activity;sid:83698101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2835000)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.193.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2835000/; classtype:trojan-activity;sid:83698100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834999)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.80.104"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834999/; classtype:trojan-activity;sid:83698099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834998)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"179.108.90.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834998/; classtype:trojan-activity;sid:83698098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834997)"; flow:established,from_client; content:"GET"; http_method; content:"/load/loader-1000.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"dkgxxh1czdosr.cloudfront.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834997/; classtype:trojan-activity;sid:83698097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834996)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.156.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834996/; classtype:trojan-activity;sid:83698096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834995)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.125.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834995/; classtype:trojan-activity;sid:83698095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834994)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.164.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834994/; classtype:trojan-activity;sid:83698094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834993)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.206.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834993/; classtype:trojan-activity;sid:83698093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834992)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.93.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834992/; classtype:trojan-activity;sid:83698092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834988)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.176.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834988/; classtype:trojan-activity;sid:83698088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834989)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.80.104"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834989/; classtype:trojan-activity;sid:83698089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834990)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.79.151.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834990/; classtype:trojan-activity;sid:83698090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834991)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.208.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834991/; classtype:trojan-activity;sid:83698091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834987)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.125.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834987/; classtype:trojan-activity;sid:83698087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834986)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.83.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834986/; classtype:trojan-activity;sid:83698086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834985)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.161.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834985/; classtype:trojan-activity;sid:83698085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834984)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.203.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834984/; classtype:trojan-activity;sid:83698084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834983)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.52.75.154"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834983/; classtype:trojan-activity;sid:83698083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834982)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/2r47k8ub"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834982/; classtype:trojan-activity;sid:83698082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834981)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.69.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834981/; classtype:trojan-activity;sid:83698081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834980)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.180.181.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834980/; classtype:trojan-activity;sid:83698080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834979)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.3.243"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834979/; classtype:trojan-activity;sid:83698079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834978)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.193.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834978/; classtype:trojan-activity;sid:83698078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834977)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.199.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834977/; classtype:trojan-activity;sid:83698077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834976)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.205.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834976/; classtype:trojan-activity;sid:83698076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834975)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.180.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834975/; classtype:trojan-activity;sid:83698075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834974)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.83.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834974/; classtype:trojan-activity;sid:83698074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834973)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.182.189.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834973/; classtype:trojan-activity;sid:83698073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834972)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.41.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834972/; classtype:trojan-activity;sid:83698072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834971)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.198.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834971/; classtype:trojan-activity;sid:83698071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834970)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.61.149.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834970/; classtype:trojan-activity;sid:83698070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834969)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.47.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834969/; classtype:trojan-activity;sid:83698069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834968)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.175.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834968/; classtype:trojan-activity;sid:83698068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834967)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.203.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834967/; classtype:trojan-activity;sid:83698067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834966)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.69.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834966/; classtype:trojan-activity;sid:83698066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834965)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.78.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834965/; classtype:trojan-activity;sid:83698065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834964)"; flow:established,from_client; content:"GET"; http_method; content:"/kinsing"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834964/; classtype:trojan-activity;sid:83698064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834963)"; flow:established,from_client; content:"GET"; http_method; content:"/kinsing_aarch64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834963/; classtype:trojan-activity;sid:83698063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834957)"; flow:established,from_client; content:"GET"; http_method; content:"/libsystem.so"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834957/; classtype:trojan-activity;sid:83698057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834958)"; flow:established,from_client; content:"GET"; http_method; content:"/ex.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834958/; classtype:trojan-activity;sid:83698058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834959)"; flow:established,from_client; content:"GET"; http_method; content:"/a.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834959/; classtype:trojan-activity;sid:83698059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834960)"; flow:established,from_client; content:"GET"; http_method; content:"/d.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834960/; classtype:trojan-activity;sid:83698060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834961)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834961/; classtype:trojan-activity;sid:83698061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834962)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834962/; classtype:trojan-activity;sid:83698062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834955)"; flow:established,from_client; content:"GET"; http_method; content:"/tf.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834955/; classtype:trojan-activity;sid:83698055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834956)"; flow:established,from_client; content:"GET"; http_method; content:"/lh.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834956/; classtype:trojan-activity;sid:83698056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834954)"; flow:established,from_client; content:"GET"; http_method; content:"/curl-adm64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834954/; classtype:trojan-activity;sid:83698054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834953)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.189.246"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834953/; classtype:trojan-activity;sid:83698053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834952)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.80.104"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834952/; classtype:trojan-activity;sid:83698052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834951)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.182.189.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834951/; classtype:trojan-activity;sid:83698051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834950)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.24.32.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834950/; classtype:trojan-activity;sid:83698050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834949)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.91.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834949/; classtype:trojan-activity;sid:83698049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834948)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kelly.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"fbmarket-place.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834948/; classtype:trojan-activity;sid:83698048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834947)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.199.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834947/; classtype:trojan-activity;sid:83698047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834946)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.200.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834946/; classtype:trojan-activity;sid:83698046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834945)"; flow:established,from_client; content:"GET"; http_method; content:"/p.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834945/; classtype:trojan-activity;sid:83698045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834944)"; flow:established,from_client; content:"GET"; http_method; content:"/sy25"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"209.141.36.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834944/; classtype:trojan-activity;sid:83698044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834943)"; flow:established,from_client; content:"GET"; http_method; content:"/mobaxterm_personal_24.1%20-%20%e5%bf%ab%e6%8d%b7%e6%96%b9%e5%bc%8f"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"209.141.36.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834943/; classtype:trojan-activity;sid:83698043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834942)"; flow:established,from_client; content:"GET"; http_method; content:"/tf"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"209.141.36.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834942/; classtype:trojan-activity;sid:83698042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834941)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.199.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834941/; classtype:trojan-activity;sid:83698041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834940)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.51.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834940/; classtype:trojan-activity;sid:83698040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834938)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"www.fbmarket-place.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834938/; classtype:trojan-activity;sid:83698038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834939)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"fbmarket-place.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834939/; classtype:trojan-activity;sid:83698039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834937)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.189.246"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834937/; classtype:trojan-activity;sid:83698037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834932)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kelly.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"fbmarket-place.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834932/; classtype:trojan-activity;sid:83698032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834933)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"xijinping.mov"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834933/; classtype:trojan-activity;sid:83698033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834934)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xijinping.mov"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834934/; classtype:trojan-activity;sid:83698034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834935)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xijinping.mov"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834935/; classtype:trojan-activity;sid:83698035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834936)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"xijinping.mov"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834936/; classtype:trojan-activity;sid:83698036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834923)"; flow:established,from_client; content:"GET"; http_method; content:"/kelly.ppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"fbmarket-place.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834923/; classtype:trojan-activity;sid:83698023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834924)"; flow:established,from_client; content:"GET"; http_method; content:"/kelly.arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.fbmarket-place.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834924/; classtype:trojan-activity;sid:83698024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834925)"; flow:established,from_client; content:"GET"; http_method; content:"/kelly.arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"fbmarket-place.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834925/; classtype:trojan-activity;sid:83698025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834926)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"xijinping.mov"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834926/; classtype:trojan-activity;sid:83698026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834927)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kelly.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.fbmarket-place.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834927/; classtype:trojan-activity;sid:83698027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834928)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kelly.sh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.fbmarket-place.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834928/; classtype:trojan-activity;sid:83698028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834929)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kelly.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"fbmarket-place.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834929/; classtype:trojan-activity;sid:83698029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834930)"; flow:established,from_client; content:"GET"; http_method; content:"/kelly.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"fbmarket-place.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834930/; classtype:trojan-activity;sid:83698030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834931)"; flow:established,from_client; content:"GET"; http_method; content:"/kelly.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"fbmarket-place.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834931/; classtype:trojan-activity;sid:83698031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834922)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kelly.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.fbmarket-place.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834922/; classtype:trojan-activity;sid:83698022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834916)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kelly.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.fbmarket-place.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834916/; classtype:trojan-activity;sid:83698016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834917)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kelly.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.fbmarket-place.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834917/; classtype:trojan-activity;sid:83698017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834918)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kelly.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"fbmarket-place.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834918/; classtype:trojan-activity;sid:83698018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834919)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"xijinping.mov"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834919/; classtype:trojan-activity;sid:83698019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834920)"; flow:established,from_client; content:"GET"; http_method; content:"/kelly.spc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"fbmarket-place.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834920/; classtype:trojan-activity;sid:83698020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834921)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"xijinping.mov"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834921/; classtype:trojan-activity;sid:83698021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834910)"; flow:established,from_client; content:"GET"; http_method; content:"/kelly.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.fbmarket-place.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834910/; classtype:trojan-activity;sid:83698010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834911)"; flow:established,from_client; content:"GET"; http_method; content:"/kelly.arm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"fbmarket-place.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834911/; classtype:trojan-activity;sid:83698011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834912)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kelly.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"fbmarket-place.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834912/; classtype:trojan-activity;sid:83698012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834913)"; flow:established,from_client; content:"GET"; http_method; content:"/kelly.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"fbmarket-place.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834913/; classtype:trojan-activity;sid:83698013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834914)"; flow:established,from_client; content:"GET"; http_method; content:"/kelly.arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"fbmarket-place.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834914/; classtype:trojan-activity;sid:83698014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834915)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kelly.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"fbmarket-place.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834915/; classtype:trojan-activity;sid:83698015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834905)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kelly.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.fbmarket-place.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834905/; classtype:trojan-activity;sid:83698005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834906)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kelly.arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.fbmarket-place.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834906/; classtype:trojan-activity;sid:83698006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834907)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kelly.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"fbmarket-place.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834907/; classtype:trojan-activity;sid:83698007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834908)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kelly.arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"fbmarket-place.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834908/; classtype:trojan-activity;sid:83698008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834909)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kelly.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"fbmarket-place.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834909/; classtype:trojan-activity;sid:83698009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834901)"; flow:established,from_client; content:"GET"; http_method; content:"/kelly.sh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.fbmarket-place.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834901/; classtype:trojan-activity;sid:83698001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834902)"; flow:established,from_client; content:"GET"; http_method; content:"/kelly.spc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.fbmarket-place.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834902/; classtype:trojan-activity;sid:83698002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834903)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kelly.spc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"www.fbmarket-place.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834903/; classtype:trojan-activity;sid:83698003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834904)"; flow:established,from_client; content:"GET"; http_method; content:"/kelly.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.fbmarket-place.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834904/; classtype:trojan-activity;sid:83698004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834900)"; flow:established,from_client; content:"GET"; http_method; content:"/kelly.ppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.fbmarket-place.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834900/; classtype:trojan-activity;sid:83698000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834893)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kelly.sh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"fbmarket-place.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834893/; classtype:trojan-activity;sid:83697993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834894)"; flow:established,from_client; content:"GET"; http_method; content:"/kelly.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.fbmarket-place.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834894/; classtype:trojan-activity;sid:83697994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834895)"; flow:established,from_client; content:"GET"; http_method; content:"/kelly.mpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.fbmarket-place.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834895/; classtype:trojan-activity;sid:83697995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834896)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kelly.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.fbmarket-place.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834896/; classtype:trojan-activity;sid:83697996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834897)"; flow:established,from_client; content:"GET"; http_method; content:"/kelly.arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.fbmarket-place.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834897/; classtype:trojan-activity;sid:83697997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834898)"; flow:established,from_client; content:"GET"; http_method; content:"/kelly.sh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"fbmarket-place.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834898/; classtype:trojan-activity;sid:83697998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834899)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kelly.spc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"fbmarket-place.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834899/; classtype:trojan-activity;sid:83697999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834892)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"xijinping.mov"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834892/; classtype:trojan-activity;sid:83697992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834890)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"xijinping.mov"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834890/; classtype:trojan-activity;sid:83697990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834891)"; flow:established,from_client; content:"GET"; http_method; content:"/kelly.arm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.fbmarket-place.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834891/; classtype:trojan-activity;sid:83697991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834888)"; flow:established,from_client; content:"GET"; http_method; content:"/kelly.mpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"fbmarket-place.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834888/; classtype:trojan-activity;sid:83697988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834889)"; flow:established,from_client; content:"GET"; http_method; content:"/kelly.m68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"fbmarket-place.info"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834889/; classtype:trojan-activity;sid:83697989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834886)"; flow:established,from_client; content:"GET"; http_method; content:"/kelly.m68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.fbmarket-place.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834886/; classtype:trojan-activity;sid:83697986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834887)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"xijinping.mov"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834887/; classtype:trojan-activity;sid:83697987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834884)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kelly.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"www.fbmarket-place.info"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834884/; classtype:trojan-activity;sid:83697984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834885)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"xijinping.mov"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834885/; classtype:trojan-activity;sid:83697985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834883)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.4.163.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834883/; classtype:trojan-activity;sid:83697983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834882)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.90.147.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834882/; classtype:trojan-activity;sid:83697982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834881)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.157.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834881/; classtype:trojan-activity;sid:83697981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834880)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.132.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834880/; classtype:trojan-activity;sid:83697980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834879)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"apibnng.servehttp.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834879/; classtype:trojan-activity;sid:83697979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834878)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"apibnng.servehttp.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834878/; classtype:trojan-activity;sid:83697978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834877)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"apibnng.servehttp.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834877/; classtype:trojan-activity;sid:83697977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834876)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"apibnng.servehttp.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834876/; classtype:trojan-activity;sid:83697976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834873)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"apibnng.servehttp.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834873/; classtype:trojan-activity;sid:83697973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834874)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"apibnng.servehttp.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834874/; classtype:trojan-activity;sid:83697974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834875)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"apibnng.servehttp.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834875/; classtype:trojan-activity;sid:83697975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834871)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"apibnng.servehttp.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834871/; classtype:trojan-activity;sid:83697971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834872)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"apibnng.servehttp.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834872/; classtype:trojan-activity;sid:83697972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834870)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.35.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834870/; classtype:trojan-activity;sid:83697970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834869)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.84.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834869/; classtype:trojan-activity;sid:83697969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834867)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.198.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834867/; classtype:trojan-activity;sid:83697967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834868)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.130.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834868/; classtype:trojan-activity;sid:83697968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834865)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.145.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834865/; classtype:trojan-activity;sid:83697965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834866)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"76.81.220.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834866/; classtype:trojan-activity;sid:83697966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834864)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.51.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834864/; classtype:trojan-activity;sid:83697964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834853)"; flow:established,from_client; content:"GET"; http_method; content:"/abc.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"91.228.147.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834853/; classtype:trojan-activity;sid:83697953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834854)"; flow:established,from_client; content:"GET"; http_method; content:"/abc.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"91.228.147.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834854/; classtype:trojan-activity;sid:83697954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834855)"; flow:established,from_client; content:"GET"; http_method; content:"/abc.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"91.228.147.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834855/; classtype:trojan-activity;sid:83697955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834856)"; flow:established,from_client; content:"GET"; http_method; content:"/abc.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"91.228.147.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834856/; classtype:trojan-activity;sid:83697956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834857)"; flow:established,from_client; content:"GET"; http_method; content:"/abc.arm4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"91.228.147.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834857/; classtype:trojan-activity;sid:83697957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834858)"; flow:established,from_client; content:"GET"; http_method; content:"/abc.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"91.228.147.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834858/; classtype:trojan-activity;sid:83697958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834859)"; flow:established,from_client; content:"GET"; http_method; content:"/abc.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"91.228.147.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834859/; classtype:trojan-activity;sid:83697959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834860)"; flow:established,from_client; content:"GET"; http_method; content:"/abc.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"91.228.147.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834860/; classtype:trojan-activity;sid:83697960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834861)"; flow:established,from_client; content:"GET"; http_method; content:"/abc.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"91.228.147.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834861/; classtype:trojan-activity;sid:83697961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834862)"; flow:established,from_client; content:"GET"; http_method; content:"/abc.i686"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"91.228.147.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834862/; classtype:trojan-activity;sid:83697962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834863)"; flow:established,from_client; content:"GET"; http_method; content:"/abc.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"91.228.147.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834863/; classtype:trojan-activity;sid:83697963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834852)"; flow:established,from_client; content:"GET"; http_method; content:"/request_for_quote.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"crowninter.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834852/; classtype:trojan-activity;sid:83697952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834851)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.254.55.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834851/; classtype:trojan-activity;sid:83697951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834850)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.155.221.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834850/; classtype:trojan-activity;sid:83697950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834849)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.61.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834849/; classtype:trojan-activity;sid:83697949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834848)"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.92.252.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834848/; classtype:trojan-activity;sid:83697948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834847)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.84.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834847/; classtype:trojan-activity;sid:83697947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834843)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"93.123.85.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834843/; classtype:trojan-activity;sid:83697943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834844)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"93.123.85.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834844/; classtype:trojan-activity;sid:83697944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834845)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"93.123.85.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834845/; classtype:trojan-activity;sid:83697945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834846)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"93.123.85.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834846/; classtype:trojan-activity;sid:83697946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834842)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"93.123.85.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834842/; classtype:trojan-activity;sid:83697942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834837)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.spc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"93.123.85.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834837/; classtype:trojan-activity;sid:83697937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834838)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"93.123.85.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834838/; classtype:trojan-activity;sid:83697938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834839)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"93.123.85.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834839/; classtype:trojan-activity;sid:83697939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834840)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"93.123.85.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834840/; classtype:trojan-activity;sid:83697940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834841)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"93.123.85.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834841/; classtype:trojan-activity;sid:83697941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834835)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"93.123.85.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834835/; classtype:trojan-activity;sid:83697935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834836)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"93.123.85.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834836/; classtype:trojan-activity;sid:83697936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834834)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.87.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834834/; classtype:trojan-activity;sid:83697934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834833)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.235.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834833/; classtype:trojan-activity;sid:83697933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834832)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.35.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834832/; classtype:trojan-activity;sid:83697932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834831)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.197.49.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834831/; classtype:trojan-activity;sid:83697931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834830)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.103.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834830/; classtype:trojan-activity;sid:83697930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834829)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.92.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834829/; classtype:trojan-activity;sid:83697929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834828)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.205.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834828/; classtype:trojan-activity;sid:83697928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834827)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.254.55.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834827/; classtype:trojan-activity;sid:83697927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834826)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.27.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834826/; classtype:trojan-activity;sid:83697926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834825)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.78.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834825/; classtype:trojan-activity;sid:83697925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834822)"; flow:established,from_client; content:"GET"; http_method; content:"//m/bot.x86_64"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"cs.proxy1.bf"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834822/; classtype:trojan-activity;sid:83697922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834823)"; flow:established,from_client; content:"GET"; http_method; content:"//m/bot.arm7"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"cs.proxy1.bf"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834823/; classtype:trojan-activity;sid:83697923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834824)"; flow:established,from_client; content:"GET"; http_method; content:"//m/bot.mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"cs.proxy1.bf"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834824/; classtype:trojan-activity;sid:83697924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834817)"; flow:established,from_client; content:"GET"; http_method; content:"//m/bot.mpsl"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"cs.proxy1.bf"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834817/; classtype:trojan-activity;sid:83697917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834818)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.19.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834818/; classtype:trojan-activity;sid:83697918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834819)"; flow:established,from_client; content:"GET"; http_method; content:"//m/bot.arm6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"cs.proxy1.bf"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834819/; classtype:trojan-activity;sid:83697919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834820)"; flow:established,from_client; content:"GET"; http_method; content:"//m/bot.arm"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"cs.proxy1.bf"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834820/; classtype:trojan-activity;sid:83697920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834821)"; flow:established,from_client; content:"GET"; http_method; content:"//m/bot.arm5"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"cs.proxy1.bf"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834821/; classtype:trojan-activity;sid:83697921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834812)"; flow:established,from_client; content:"GET"; http_method; content:"//m/bot.spc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"cs.proxy1.bf"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834812/; classtype:trojan-activity;sid:83697912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834813)"; flow:established,from_client; content:"GET"; http_method; content:"//m/bot.x86"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"cs.proxy1.bf"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834813/; classtype:trojan-activity;sid:83697913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834814)"; flow:established,from_client; content:"GET"; http_method; content:"//m/bot.ppc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"cs.proxy1.bf"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834814/; classtype:trojan-activity;sid:83697914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834815)"; flow:established,from_client; content:"GET"; http_method; content:"//m/bot.sh4"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"cs.proxy1.bf"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834815/; classtype:trojan-activity;sid:83697915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834816)"; flow:established,from_client; content:"GET"; http_method; content:"//m/bot.m68k"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"cs.proxy1.bf"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834816/; classtype:trojan-activity;sid:83697916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834811)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.84.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834811/; classtype:trojan-activity;sid:83697911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834810)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.196.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834810/; classtype:trojan-activity;sid:83697910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834809)"; flow:established,from_client; content:"GET"; http_method; content:"/tee.scr"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"dukeenergyltd.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834809/; classtype:trojan-activity;sid:83697909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834808)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.155.221.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834808/; classtype:trojan-activity;sid:83697908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834807)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.201.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834807/; classtype:trojan-activity;sid:83697907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834806)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.103.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834806/; classtype:trojan-activity;sid:83697906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834805)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.109.227.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834805/; classtype:trojan-activity;sid:83697905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834804)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.193.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834804/; classtype:trojan-activity;sid:83697904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834803)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.0.47"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834803/; classtype:trojan-activity;sid:83697903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834802)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.107.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834802/; classtype:trojan-activity;sid:83697902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834801)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.155.206.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834801/; classtype:trojan-activity;sid:83697901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834800)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.19.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834800/; classtype:trojan-activity;sid:83697900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834799)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.49.50.38"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834799/; classtype:trojan-activity;sid:83697899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834798)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.78.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834798/; classtype:trojan-activity;sid:83697898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834797)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.114.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834797/; classtype:trojan-activity;sid:83697897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834796)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.27.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834796/; classtype:trojan-activity;sid:83697896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834795)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.227.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834795/; classtype:trojan-activity;sid:83697895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834794)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.213.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834794/; classtype:trojan-activity;sid:83697894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834793)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.192.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834793/; classtype:trojan-activity;sid:83697893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834792)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.201.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834792/; classtype:trojan-activity;sid:83697892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834790)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.199.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834790/; classtype:trojan-activity;sid:83697890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834791)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.105.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834791/; classtype:trojan-activity;sid:83697891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834789)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.155.206.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834789/; classtype:trojan-activity;sid:83697889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834788)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.253.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834788/; classtype:trojan-activity;sid:83697888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834787)"; flow:established,from_client; content:"GET"; http_method; content:"/doc5294803_669174517|3f|hash=yh2vzc7uwzjkrjyzsieznthijyzzvxyemdbnx060pqd|7c|26|7c|dl=ynwa0oyyjfmzxkzghyzwacbp3hioca5lchcwsztvgu8|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834787/; classtype:trojan-activity;sid:83697887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834786)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.200.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834786/; classtype:trojan-activity;sid:83697886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834784)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.48.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834784/; classtype:trojan-activity;sid:83697884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834785)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.137.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834785/; classtype:trojan-activity;sid:83697885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834783)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.48.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834783/; classtype:trojan-activity;sid:83697883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834782)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.110.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834782/; classtype:trojan-activity;sid:83697882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834781)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.144.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834781/; classtype:trojan-activity;sid:83697881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834779)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.179.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834779/; classtype:trojan-activity;sid:83697879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834780)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.114.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834780/; classtype:trojan-activity;sid:83697880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834778)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.214.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834778/; classtype:trojan-activity;sid:83697878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834777)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.125.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834777/; classtype:trojan-activity;sid:83697877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834776)"; flow:established,from_client; content:"GET"; http_method; content:"/m/6046/setup%e6%9f%a5%e7%9c%8b_6046.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"innd.ink"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834776/; classtype:trojan-activity;sid:83697876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834775)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.201.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834775/; classtype:trojan-activity;sid:83697875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834774)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.30.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834774/; classtype:trojan-activity;sid:83697874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834773)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.47.6.30"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834773/; classtype:trojan-activity;sid:83697873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834771)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.99.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834771/; classtype:trojan-activity;sid:83697871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834772)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.39.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834772/; classtype:trojan-activity;sid:83697872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834769)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.95.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834769/; classtype:trojan-activity;sid:83697869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834770)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.237.109.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834770/; classtype:trojan-activity;sid:83697870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834768)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.47.104.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834768/; classtype:trojan-activity;sid:83697868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834766)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.179.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834766/; classtype:trojan-activity;sid:83697866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834767)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.238.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834767/; classtype:trojan-activity;sid:83697867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834765)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.12.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834765/; classtype:trojan-activity;sid:83697865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834764)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.31.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834764/; classtype:trojan-activity;sid:83697864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834763)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.19.43.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834763/; classtype:trojan-activity;sid:83697863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834762)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.95.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834762/; classtype:trojan-activity;sid:83697862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834761)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.27.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834761/; classtype:trojan-activity;sid:83697861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834760)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.77.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834760/; classtype:trojan-activity;sid:83697860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834759)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.13.56.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834759/; classtype:trojan-activity;sid:83697859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834758)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.190.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834758/; classtype:trojan-activity;sid:83697858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834757)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.178.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834757/; classtype:trojan-activity;sid:83697857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834756)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.122.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834756/; classtype:trojan-activity;sid:83697856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834755)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.188.174.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834755/; classtype:trojan-activity;sid:83697855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834754)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.237.109.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834754/; classtype:trojan-activity;sid:83697854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834753)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.95.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834753/; classtype:trojan-activity;sid:83697853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834752)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.30.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834752/; classtype:trojan-activity;sid:83697852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834750)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=11l32ednrgm4l1bn8f-xau1jbmyfuxrhj"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834750/; classtype:trojan-activity;sid:83697850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834751)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1br5ov9jchr-ahw-bktzyy_6omqifflx8"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834751/; classtype:trojan-activity;sid:83697851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834749)"; flow:established,from_client; content:"GET"; http_method; content:"/get/e5433cad6e99dcbffcb19fe8a2ead3fe/xile_client.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"loader.oxy.st"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834749/; classtype:trojan-activity;sid:83697849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834748)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.142.55.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834748/; classtype:trojan-activity;sid:83697848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834745)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.213.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834745/; classtype:trojan-activity;sid:83697845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834746)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.33.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834746/; classtype:trojan-activity;sid:83697846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834747)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.229.11.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834747/; classtype:trojan-activity;sid:83697847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834742)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.202.242.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834742/; classtype:trojan-activity;sid:83697842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834743)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.212.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834743/; classtype:trojan-activity;sid:83697843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834744)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.159.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834744/; classtype:trojan-activity;sid:83697844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834741)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.190.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834741/; classtype:trojan-activity;sid:83697841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834740)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.234.202.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834740/; classtype:trojan-activity;sid:83697840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834739)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.115.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834739/; classtype:trojan-activity;sid:83697839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834738)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.142.55.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834738/; classtype:trojan-activity;sid:83697838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834737)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.188.174.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834737/; classtype:trojan-activity;sid:83697837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834734)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.49.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834734/; classtype:trojan-activity;sid:83697834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834735)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.122.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834735/; classtype:trojan-activity;sid:83697835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834736)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.57.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834736/; classtype:trojan-activity;sid:83697836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834733)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.113.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834733/; classtype:trojan-activity;sid:83697833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834732)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.229.11.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834732/; classtype:trojan-activity;sid:83697832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834731)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.33.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834731/; classtype:trojan-activity;sid:83697831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834730)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.213.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834730/; classtype:trojan-activity;sid:83697830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834729)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.248.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834729/; classtype:trojan-activity;sid:83697829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834728)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.182.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834728/; classtype:trojan-activity;sid:83697828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834727)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.115.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834727/; classtype:trojan-activity;sid:83697827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834726)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.38.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834726/; classtype:trojan-activity;sid:83697826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834725)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.23.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834725/; classtype:trojan-activity;sid:83697825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834724)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.190.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834724/; classtype:trojan-activity;sid:83697824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834723)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.222.237.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834723/; classtype:trojan-activity;sid:83697823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834722)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.57.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834722/; classtype:trojan-activity;sid:83697822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834721)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.228.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834721/; classtype:trojan-activity;sid:83697821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834720)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.240.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834720/; classtype:trojan-activity;sid:83697820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834719)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"148.103.220.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834719/; classtype:trojan-activity;sid:83697819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834718)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.182.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834718/; classtype:trojan-activity;sid:83697818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834717)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"150.117.117.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834717/; classtype:trojan-activity;sid:83697817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834716)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.3.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834716/; classtype:trojan-activity;sid:83697816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834715)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.197.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834715/; classtype:trojan-activity;sid:83697815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834714)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.11.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834714/; classtype:trojan-activity;sid:83697814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834713)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.246.205.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834713/; classtype:trojan-activity;sid:83697813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834712)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.52.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834712/; classtype:trojan-activity;sid:83697812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834711)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.203.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834711/; classtype:trojan-activity;sid:83697811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834710)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.31.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834710/; classtype:trojan-activity;sid:83697810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834709)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.218.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834709/; classtype:trojan-activity;sid:83697809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834708)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"148.103.220.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834708/; classtype:trojan-activity;sid:83697808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834707)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.14.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834707/; classtype:trojan-activity;sid:83697807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834706)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.33.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834706/; classtype:trojan-activity;sid:83697806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834705)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.239.70.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834705/; classtype:trojan-activity;sid:83697805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834704)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.179.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834704/; classtype:trojan-activity;sid:83697804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834703)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.41.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834703/; classtype:trojan-activity;sid:83697803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834702)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.245.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834702/; classtype:trojan-activity;sid:83697802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834700)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.203.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834700/; classtype:trojan-activity;sid:83697800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834701)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.11.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834701/; classtype:trojan-activity;sid:83697801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834698)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.109.147.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834698/; classtype:trojan-activity;sid:83697798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834699)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.218.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834699/; classtype:trojan-activity;sid:83697799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834697)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.127.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834697/; classtype:trojan-activity;sid:83697797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834696)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.14.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834696/; classtype:trojan-activity;sid:83697796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834695)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.207.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834695/; classtype:trojan-activity;sid:83697795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834694)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.150.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834694/; classtype:trojan-activity;sid:83697794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834693)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.110.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834693/; classtype:trojan-activity;sid:83697793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834692)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.7.220.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834692/; classtype:trojan-activity;sid:83697792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834691)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.127.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834691/; classtype:trojan-activity;sid:83697791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834688)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.93.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834688/; classtype:trojan-activity;sid:83697788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834689)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.196.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834689/; classtype:trojan-activity;sid:83697789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834690)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.199.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834690/; classtype:trojan-activity;sid:83697790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834687)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.103.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834687/; classtype:trojan-activity;sid:83697787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834686)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.197.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834686/; classtype:trojan-activity;sid:83697786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834685)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.67.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834685/; classtype:trojan-activity;sid:83697785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834684)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.86.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834684/; classtype:trojan-activity;sid:83697784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834683)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.243.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834683/; classtype:trojan-activity;sid:83697783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834682)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.207.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834682/; classtype:trojan-activity;sid:83697782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834681)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.109.147.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834681/; classtype:trojan-activity;sid:83697781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834680)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.226.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834680/; classtype:trojan-activity;sid:83697780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834679)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.42.30"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834679/; classtype:trojan-activity;sid:83697779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834678)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.245.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834678/; classtype:trojan-activity;sid:83697778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834677)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.175.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834677/; classtype:trojan-activity;sid:83697777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834676)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.82.36"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834676/; classtype:trojan-activity;sid:83697776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834675)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.189.132.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834675/; classtype:trojan-activity;sid:83697775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834673)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.56.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834673/; classtype:trojan-activity;sid:83697773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834674)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.78.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834674/; classtype:trojan-activity;sid:83697774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834672)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.11.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834672/; classtype:trojan-activity;sid:83697772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834671)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.103.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834671/; classtype:trojan-activity;sid:83697771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834670)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.59.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834670/; classtype:trojan-activity;sid:83697770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834669)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.187.226.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834669/; classtype:trojan-activity;sid:83697769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834668)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.67.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834668/; classtype:trojan-activity;sid:83697768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834667)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.184.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834667/; classtype:trojan-activity;sid:83697767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834666)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.199.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834666/; classtype:trojan-activity;sid:83697766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834665)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.243.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834665/; classtype:trojan-activity;sid:83697765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834664)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.226.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834664/; classtype:trojan-activity;sid:83697764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834662)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.71.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834662/; classtype:trojan-activity;sid:83697762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834663)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.252.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834663/; classtype:trojan-activity;sid:83697763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834661)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.32.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834661/; classtype:trojan-activity;sid:83697761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834660)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.207.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834660/; classtype:trojan-activity;sid:83697760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834659)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.203.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834659/; classtype:trojan-activity;sid:83697759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834658)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.32.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834658/; classtype:trojan-activity;sid:83697758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834657)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.87.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834657/; classtype:trojan-activity;sid:83697757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834656)"; flow:established,from_client; content:"GET"; http_method; content:"/amervh79.bin"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"94.156.79.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834656/; classtype:trojan-activity;sid:83697756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834655)"; flow:established,from_client; content:"GET"; http_method; content:"/mrqyribqcevemosuimafmdd44.bin"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"94.156.79.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834655/; classtype:trojan-activity;sid:83697755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834654)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.0.131"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834654/; classtype:trojan-activity;sid:83697754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834653)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.42.30"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834653/; classtype:trojan-activity;sid:83697753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834652)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.59.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834652/; classtype:trojan-activity;sid:83697752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834651)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.182.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834651/; classtype:trojan-activity;sid:83697751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834650)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.206.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834650/; classtype:trojan-activity;sid:83697750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834649)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.41.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834649/; classtype:trojan-activity;sid:83697749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834648)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.105.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834648/; classtype:trojan-activity;sid:83697748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834646)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.46.200.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834646/; classtype:trojan-activity;sid:83697746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834647)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.192.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834647/; classtype:trojan-activity;sid:83697747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834644)"; flow:established,from_client; content:"GET"; http_method; content:"/files/lexisnexis.msix"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"eprst281.boo"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834644/; classtype:trojan-activity;sid:83697744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834645)"; flow:established,from_client; content:"GET"; http_method; content:"/files/asana.msix"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"eprst251.boo"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834645/; classtype:trojan-activity;sid:83697745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834640)"; flow:established,from_client; content:"GET"; http_method; content:"/get/get.ps1"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"massgira.fun"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834640/; classtype:trojan-activity;sid:83697740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834641)"; flow:established,from_client; content:"GET"; http_method; content:"/files/asana.msix"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"138.124.184.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834641/; classtype:trojan-activity;sid:83697741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834642)"; flow:established,from_client; content:"GET"; http_method; content:"/files/asana.msix"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"138.124.184.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834642/; classtype:trojan-activity;sid:83697742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834643)"; flow:established,from_client; content:"GET"; http_method; content:"/files/blackrock.msix"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"138.124.184.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834643/; classtype:trojan-activity;sid:83697743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834635)"; flow:established,from_client; content:"GET"; http_method; content:"/files/blackrock.msix"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"eprst281.boo"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834635/; classtype:trojan-activity;sid:83697735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834636)"; flow:established,from_client; content:"GET"; http_method; content:"/files/blackrock.msix"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"138.124.184.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834636/; classtype:trojan-activity;sid:83697736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834637)"; flow:established,from_client; content:"GET"; http_method; content:"/files/netsupport28.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"eprst281.boo"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834637/; classtype:trojan-activity;sid:83697737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834638)"; flow:established,from_client; content:"GET"; http_method; content:"/files/netsupport25.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"eprst251.boo"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834638/; classtype:trojan-activity;sid:83697738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834639)"; flow:established,from_client; content:"GET"; http_method; content:"/te1/tstreds.gagg"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"timeandremind.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834639/; classtype:trojan-activity;sid:83697739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834634)"; flow:established,from_client; content:"GET"; http_method; content:"/te1/ggg.text"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"timeandremind.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834634/; classtype:trojan-activity;sid:83697734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834633)"; flow:established,from_client; content:"GET"; http_method; content:"/download.php"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"lexisnexis.day"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834633/; classtype:trojan-activity;sid:83697733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834631)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.229.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834631/; classtype:trojan-activity;sid:83697731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834632)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.237.5.92"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834632/; classtype:trojan-activity;sid:83697732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834630)"; flow:established,from_client; content:"GET"; http_method; content:"/editcontent"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"gvw.demo.betterbuiltdogs.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834630/; classtype:trojan-activity;sid:83697730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834629)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.22.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834629/; classtype:trojan-activity;sid:83697729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834628)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.203.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834628/; classtype:trojan-activity;sid:83697728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834627)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.203.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834627/; classtype:trojan-activity;sid:83697727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834626)"; flow:established,from_client; content:"GET"; http_method; content:"/loader.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"ben-advanced.fra1.digitaloceanspaces.com"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834626/; classtype:trojan-activity;sid:83697726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834624)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834624/; classtype:trojan-activity;sid:83697724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834625)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.212.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834625/; classtype:trojan-activity;sid:83697725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834623)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.18.50.162"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834623/; classtype:trojan-activity;sid:83697723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834622)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.230.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834622/; classtype:trojan-activity;sid:83697722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834621)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.200.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834621/; classtype:trojan-activity;sid:83697721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834620)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.32.44"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834620/; classtype:trojan-activity;sid:83697720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834619)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.49.50.38"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834619/; classtype:trojan-activity;sid:83697719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834618)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.193.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834618/; classtype:trojan-activity;sid:83697718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834616)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.183.48.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834616/; classtype:trojan-activity;sid:83697716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834617)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.131.60.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834617/; classtype:trojan-activity;sid:83697717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834615)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.136.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834615/; classtype:trojan-activity;sid:83697715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834614)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.13.244.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834614/; classtype:trojan-activity;sid:83697714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834613)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.100.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834613/; classtype:trojan-activity;sid:83697713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834612)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.22.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834612/; classtype:trojan-activity;sid:83697712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834611)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.229.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834611/; classtype:trojan-activity;sid:83697711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834610)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.54.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834610/; classtype:trojan-activity;sid:83697710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834609)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.123.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834609/; classtype:trojan-activity;sid:83697709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834608)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.18.50.162"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834608/; classtype:trojan-activity;sid:83697708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834606)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.230.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834606/; classtype:trojan-activity;sid:83697706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834607)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.7.220.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834607/; classtype:trojan-activity;sid:83697707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834605)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.212.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834605/; classtype:trojan-activity;sid:83697705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834603)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.123.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834603/; classtype:trojan-activity;sid:83697703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834604)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.136.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834604/; classtype:trojan-activity;sid:83697704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834602)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.181.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834602/; classtype:trojan-activity;sid:83697702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834601)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.183.48.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834601/; classtype:trojan-activity;sid:83697701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834600)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.206.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834600/; classtype:trojan-activity;sid:83697700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834599)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.105.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834599/; classtype:trojan-activity;sid:83697699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834598)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.220.86.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834598/; classtype:trojan-activity;sid:83697698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834597)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.164.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834597/; classtype:trojan-activity;sid:83697697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834596)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.5.92"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834596/; classtype:trojan-activity;sid:83697696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834595)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.120.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_02; reference:url, urlhaus.abuse.ch/url/2834595/; classtype:trojan-activity;sid:83697695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834594)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.95.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834594/; classtype:trojan-activity;sid:83697694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834593)"; flow:established,from_client; content:"GET"; http_method; content:"/editcontent"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"tyd.demo.betterbuiltdogs.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834593/; classtype:trojan-activity;sid:83697693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834592)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.240.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834592/; classtype:trojan-activity;sid:83697692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834591)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.234.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834591/; classtype:trojan-activity;sid:83697691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834589)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.55.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834589/; classtype:trojan-activity;sid:83697689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834590)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.52.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834590/; classtype:trojan-activity;sid:83697690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834588)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.22.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834588/; classtype:trojan-activity;sid:83697688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834587)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.189.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834587/; classtype:trojan-activity;sid:83697687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834586)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.206.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834586/; classtype:trojan-activity;sid:83697686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834585)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.108.90.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834585/; classtype:trojan-activity;sid:83697685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834584)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.201.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834584/; classtype:trojan-activity;sid:83697684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834583)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.180.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834583/; classtype:trojan-activity;sid:83697683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834582)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.240.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834582/; classtype:trojan-activity;sid:83697682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834581)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.160.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834581/; classtype:trojan-activity;sid:83697681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834579)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.255.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834579/; classtype:trojan-activity;sid:83697679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834580)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.231.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834580/; classtype:trojan-activity;sid:83697680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834578)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.22.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834578/; classtype:trojan-activity;sid:83697678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834577)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.189.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834577/; classtype:trojan-activity;sid:83697677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834576)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.193.204.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834576/; classtype:trojan-activity;sid:83697676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834574)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.107.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834574/; classtype:trojan-activity;sid:83697674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834575)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.126.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834575/; classtype:trojan-activity;sid:83697675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834573)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.223.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834573/; classtype:trojan-activity;sid:83697673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834572)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.207.77.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834572/; classtype:trojan-activity;sid:83697672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834571)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.180.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834571/; classtype:trojan-activity;sid:83697671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834570)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.187.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834570/; classtype:trojan-activity;sid:83697670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834568)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.229.166.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834568/; classtype:trojan-activity;sid:83697668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834569)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.61.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834569/; classtype:trojan-activity;sid:83697669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834567)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.37.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834567/; classtype:trojan-activity;sid:83697667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834566)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.157.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834566/; classtype:trojan-activity;sid:83697666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834565)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.194.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834565/; classtype:trojan-activity;sid:83697665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834564)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.255.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834564/; classtype:trojan-activity;sid:83697664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834563)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.193.204.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834563/; classtype:trojan-activity;sid:83697663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834562)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.115.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834562/; classtype:trojan-activity;sid:83697662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834561)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.160.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834561/; classtype:trojan-activity;sid:83697661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834560)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kelly.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"94.156.71.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834560/; classtype:trojan-activity;sid:83697660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834559)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kelly.spc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"94.156.71.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834559/; classtype:trojan-activity;sid:83697659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834558)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.192.126.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834558/; classtype:trojan-activity;sid:83697658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834557)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.33.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834557/; classtype:trojan-activity;sid:83697657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834556)"; flow:established,from_client; content:"GET"; http_method; content:"/rumba/buben.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"5.42.96.7"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834556/; classtype:trojan-activity;sid:83697656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834553)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kelly.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"94.156.71.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834553/; classtype:trojan-activity;sid:83697653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834554)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kelly.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"94.156.71.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834554/; classtype:trojan-activity;sid:83697654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834555)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kelly.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"94.156.71.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834555/; classtype:trojan-activity;sid:83697655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834548)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"217.160.147.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834548/; classtype:trojan-activity;sid:83697648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834549)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"217.160.147.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834549/; classtype:trojan-activity;sid:83697649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834550)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kelly.arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"94.156.71.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834550/; classtype:trojan-activity;sid:83697650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834551)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kelly.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"94.156.71.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834551/; classtype:trojan-activity;sid:83697651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834552)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kelly.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"94.156.71.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834552/; classtype:trojan-activity;sid:83697652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834547)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.4.219"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834547/; classtype:trojan-activity;sid:83697647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834546)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.176.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834546/; classtype:trojan-activity;sid:83697646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834544)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.170.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834544/; classtype:trojan-activity;sid:83697644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834545)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.162.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834545/; classtype:trojan-activity;sid:83697645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834542)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kelly.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"94.156.71.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834542/; classtype:trojan-activity;sid:83697642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834543)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kelly.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"94.156.71.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834543/; classtype:trojan-activity;sid:83697643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834541)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.120.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834541/; classtype:trojan-activity;sid:83697641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834540)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.19.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834540/; classtype:trojan-activity;sid:83697640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834539)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.231.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834539/; classtype:trojan-activity;sid:83697639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834537)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.61.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834537/; classtype:trojan-activity;sid:83697637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834538)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.23.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834538/; classtype:trojan-activity;sid:83697638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834536)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.234.64.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834536/; classtype:trojan-activity;sid:83697636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834535)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.166.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834535/; classtype:trojan-activity;sid:83697635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834534)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.243.91.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834534/; classtype:trojan-activity;sid:83697634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834533)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"122.189.21.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834533/; classtype:trojan-activity;sid:83697633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834532)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.130.186.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834532/; classtype:trojan-activity;sid:83697632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834530)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.227.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834530/; classtype:trojan-activity;sid:83697630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834531)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.121.83.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834531/; classtype:trojan-activity;sid:83697631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834529)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.13.56.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834529/; classtype:trojan-activity;sid:83697629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834528)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.57.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834528/; classtype:trojan-activity;sid:83697628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834526)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.126.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834526/; classtype:trojan-activity;sid:83697626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834527)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.57.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834527/; classtype:trojan-activity;sid:83697627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834525)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.233.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834525/; classtype:trojan-activity;sid:83697625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834524)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.35.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834524/; classtype:trojan-activity;sid:83697624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834523)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.193.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834523/; classtype:trojan-activity;sid:83697623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834521)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.23.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834521/; classtype:trojan-activity;sid:83697621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834522)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.30.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834522/; classtype:trojan-activity;sid:83697622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834518)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.128.232.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834518/; classtype:trojan-activity;sid:83697618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834519)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.209.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834519/; classtype:trojan-activity;sid:83697619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834520)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.247.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834520/; classtype:trojan-activity;sid:83697620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834517)"; flow:established,from_client; content:"GET"; http_method; content:"/main"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"139.84.143.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834517/; classtype:trojan-activity;sid:83697617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834516)"; flow:established,from_client; content:"GET"; http_method; content:"/busybox-mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"104.207.134.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834516/; classtype:trojan-activity;sid:83697616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834514)"; flow:established,from_client; content:"GET"; http_method; content:"/cron"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"64.190.113.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834514/; classtype:trojan-activity;sid:83697614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834515)"; flow:established,from_client; content:"GET"; http_method; content:"/busybox-mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"193.200.134.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834515/; classtype:trojan-activity;sid:83697615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834512)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_amd64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"212.227.241.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834512/; classtype:trojan-activity;sid:83697612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834513)"; flow:established,from_client; content:"GET"; http_method; content:"/x"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"217.69.6.20"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834513/; classtype:trojan-activity;sid:83697613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834511)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"194.156.100.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834511/; classtype:trojan-activity;sid:83697611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834509)"; flow:established,from_client; content:"GET"; http_method; content:"/sc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"217.69.6.20"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834509/; classtype:trojan-activity;sid:83697609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834510)"; flow:established,from_client; content:"GET"; http_method; content:"/x64"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"217.69.6.20"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834510/; classtype:trojan-activity;sid:83697610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834507)"; flow:established,from_client; content:"GET"; http_method; content:"/1.txt"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"38.180.160.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834507/; classtype:trojan-activity;sid:83697607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834508)"; flow:established,from_client; content:"GET"; http_method; content:"/1.txt"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"169.239.130.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834508/; classtype:trojan-activity;sid:83697608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834505)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.236.161.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834505/; classtype:trojan-activity;sid:83697605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834506)"; flow:established,from_client; content:"GET"; http_method; content:"/bash"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"104.129.31.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834506/; classtype:trojan-activity;sid:83697606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834504)"; flow:established,from_client; content:"GET"; http_method; content:"/m/bot.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"cs.proxy1.bf"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834504/; classtype:trojan-activity;sid:83697604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834502)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"157.10.45.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834502/; classtype:trojan-activity;sid:83697602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834503)"; flow:established,from_client; content:"GET"; http_method; content:"/m/bot.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"cs.proxy1.bf"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834503/; classtype:trojan-activity;sid:83697603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834501)"; flow:established,from_client; content:"GET"; http_method; content:"/3"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.95.169.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834501/; classtype:trojan-activity;sid:83697601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834499)"; flow:established,from_client; content:"GET"; http_method; content:"/m/bot.x86_64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"cs.proxy1.bf"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834499/; classtype:trojan-activity;sid:83697599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834500)"; flow:established,from_client; content:"GET"; http_method; content:"/m-6.8-k.snoopy"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"192.151.156.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834500/; classtype:trojan-activity;sid:83697600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834498)"; flow:established,from_client; content:"GET"; http_method; content:"/ntpd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.13.199.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834498/; classtype:trojan-activity;sid:83697598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834497)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.165.172.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834497/; classtype:trojan-activity;sid:83697597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834496)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"209.141.36.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834496/; classtype:trojan-activity;sid:83697596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834495)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.128.232.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834495/; classtype:trojan-activity;sid:83697595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834493)"; flow:established,from_client; content:"GET"; http_method; content:"/test"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"194.156.100.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834493/; classtype:trojan-activity;sid:83697593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834494)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.95.169.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834494/; classtype:trojan-activity;sid:83697594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834492)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.95.169.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834492/; classtype:trojan-activity;sid:83697592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834486)"; flow:established,from_client; content:"GET"; http_method; content:"/ssh"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"104.152.49.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834486/; classtype:trojan-activity;sid:83697586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834487)"; flow:established,from_client; content:"GET"; http_method; content:"/m/bot.m68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"cs.proxy1.bf"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834487/; classtype:trojan-activity;sid:83697587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834488)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.95.169.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834488/; classtype:trojan-activity;sid:83697588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834489)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.185.50.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834489/; classtype:trojan-activity;sid:83697589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834490)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.182.150.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834490/; classtype:trojan-activity;sid:83697590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834491)"; flow:established,from_client; content:"GET"; http_method; content:"/ssh"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.76.205.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834491/; classtype:trojan-activity;sid:83697591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834484)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.156.79.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834484/; classtype:trojan-activity;sid:83697584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834485)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.156.79.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834485/; classtype:trojan-activity;sid:83697585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834482)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"23.165.104.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834482/; classtype:trojan-activity;sid:83697582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834483)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.128.232.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834483/; classtype:trojan-activity;sid:83697583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834480)"; flow:established,from_client; content:"GET"; http_method; content:"/busybox-mipsel"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"158.247.232.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834480/; classtype:trojan-activity;sid:83697580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834481)"; flow:established,from_client; content:"GET"; http_method; content:"/test"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.76.228.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834481/; classtype:trojan-activity;sid:83697581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834477)"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"23.165.104.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834477/; classtype:trojan-activity;sid:83697577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834478)"; flow:established,from_client; content:"GET"; http_method; content:"/kelly.arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.156.71.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834478/; classtype:trojan-activity;sid:83697578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834479)"; flow:established,from_client; content:"GET"; http_method; content:"/p-p.c-.snoopy"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"104.128.64.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834479/; classtype:trojan-activity;sid:83697579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834473)"; flow:established,from_client; content:"GET"; http_method; content:"/m-p.s-l.snoopy"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"192.151.156.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834473/; classtype:trojan-activity;sid:83697573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834474)"; flow:established,from_client; content:"GET"; http_method; content:"/m-i.p-s.snoopy"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"104.128.64.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834474/; classtype:trojan-activity;sid:83697574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834475)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.128.232.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834475/; classtype:trojan-activity;sid:83697575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834476)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.95.169.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834476/; classtype:trojan-activity;sid:83697576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834471)"; flow:established,from_client; content:"GET"; http_method; content:"/telnetd"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"85.114.145.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834471/; classtype:trojan-activity;sid:83697571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834472)"; flow:established,from_client; content:"GET"; http_method; content:"/curl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"192.187.121.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834472/; classtype:trojan-activity;sid:83697572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834468)"; flow:established,from_client; content:"GET"; http_method; content:"/st"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"149.28.34.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834468/; classtype:trojan-activity;sid:83697568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834469)"; flow:established,from_client; content:"GET"; http_method; content:"/f"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"158.247.251.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834469/; classtype:trojan-activity;sid:83697569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834470)"; flow:established,from_client; content:"GET"; http_method; content:"/kelly.ppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.71.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834470/; classtype:trojan-activity;sid:83697570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834467)"; flow:established,from_client; content:"GET"; http_method; content:"/curl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.71.249.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834467/; classtype:trojan-activity;sid:83697567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834463)"; flow:established,from_client; content:"GET"; http_method; content:"/bash"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"216.45.57.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834463/; classtype:trojan-activity;sid:83697563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834464)"; flow:established,from_client; content:"GET"; http_method; content:"/kelly.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.71.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834464/; classtype:trojan-activity;sid:83697564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834465)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bdfee.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"93.123.85.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834465/; classtype:trojan-activity;sid:83697565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834466)"; flow:established,from_client; content:"GET"; http_method; content:"/i-5.8-6.snoopy"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"104.128.64.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834466/; classtype:trojan-activity;sid:83697566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834462)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"217.160.147.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834462/; classtype:trojan-activity;sid:83697562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834460)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-5.snoopy"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"104.128.64.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834460/; classtype:trojan-activity;sid:83697560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834461)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.142.104.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834461/; classtype:trojan-activity;sid:83697561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834458)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"217.160.147.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834458/; classtype:trojan-activity;sid:83697558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834459)"; flow:established,from_client; content:"GET"; http_method; content:"/cron"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.76.122.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834459/; classtype:trojan-activity;sid:83697559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834455)"; flow:established,from_client; content:"GET"; http_method; content:"/kelly.spc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.71.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834455/; classtype:trojan-activity;sid:83697555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834456)"; flow:established,from_client; content:"GET"; http_method; content:"/cron"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.160.6.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834456/; classtype:trojan-activity;sid:83697556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834457)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.156.79.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834457/; classtype:trojan-activity;sid:83697557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834454)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"23.165.104.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834454/; classtype:trojan-activity;sid:83697554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834451)"; flow:established,from_client; content:"GET"; http_method; content:"/curl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"192.187.121.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834451/; classtype:trojan-activity;sid:83697551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834452)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.95.169.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834452/; classtype:trojan-activity;sid:83697552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834453)"; flow:established,from_client; content:"GET"; http_method; content:"/ps"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"192.187.121.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834453/; classtype:trojan-activity;sid:83697553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834450)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"46.41.139.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834450/; classtype:trojan-activity;sid:83697550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834448)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bdfee.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"93.123.85.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834448/; classtype:trojan-activity;sid:83697548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834449)"; flow:established,from_client; content:"GET"; http_method; content:"/zmap.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.123.85.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834449/; classtype:trojan-activity;sid:83697549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834446)"; flow:established,from_client; content:"GET"; http_method; content:"/i-5.8-6.snoopy"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"192.151.156.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834446/; classtype:trojan-activity;sid:83697546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834447)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.245.204.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834447/; classtype:trojan-activity;sid:83697547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834443)"; flow:established,from_client; content:"GET"; http_method; content:"/s-h.4-.snoopy"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"192.151.156.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834443/; classtype:trojan-activity;sid:83697543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834444)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.128.232.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834444/; classtype:trojan-activity;sid:83697544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834445)"; flow:established,from_client; content:"GET"; http_method; content:"/m/bot.arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"cs.proxy1.bf"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834445/; classtype:trojan-activity;sid:83697545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834442)"; flow:established,from_client; content:"GET"; http_method; content:"/curl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.71.242.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834442/; classtype:trojan-activity;sid:83697542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834438)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.182.150.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834438/; classtype:trojan-activity;sid:83697538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834439)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"38.45.200.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834439/; classtype:trojan-activity;sid:83697539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834440)"; flow:established,from_client; content:"GET"; http_method; content:"/i386"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.171.181.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834440/; classtype:trojan-activity;sid:83697540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834441)"; flow:established,from_client; content:"GET"; http_method; content:"/x-8.6-.snoopy"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"104.128.64.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834441/; classtype:trojan-activity;sid:83697541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834436)"; flow:established,from_client; content:"GET"; http_method; content:"/curl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"192.187.121.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834436/; classtype:trojan-activity;sid:83697536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834437)"; flow:established,from_client; content:"GET"; http_method; content:"/kelly.m68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.156.71.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834437/; classtype:trojan-activity;sid:83697537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834435)"; flow:established,from_client; content:"GET"; http_method; content:"/m/bot.arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"cs.proxy1.bf"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834435/; classtype:trojan-activity;sid:83697535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834433)"; flow:established,from_client; content:"GET"; http_method; content:"/busybox-mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"158.247.195.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834433/; classtype:trojan-activity;sid:83697533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834434)"; flow:established,from_client; content:"GET"; http_method; content:"/ssh"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"212.132.121.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834434/; classtype:trojan-activity;sid:83697534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834432)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-6.snoopy"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"192.151.156.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834432/; classtype:trojan-activity;sid:83697532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834430)"; flow:established,from_client; content:"GET"; http_method; content:"/armv4l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"23.165.104.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834430/; classtype:trojan-activity;sid:83697530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834431)"; flow:established,from_client; content:"GET"; http_method; content:"/test"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"149.28.146.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834431/; classtype:trojan-activity;sid:83697531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834427)"; flow:established,from_client; content:"GET"; http_method; content:"/zmap.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.123.85.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834427/; classtype:trojan-activity;sid:83697527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834428)"; flow:established,from_client; content:"GET"; http_method; content:"/zmap.x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"93.123.85.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834428/; classtype:trojan-activity;sid:83697528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834429)"; flow:established,from_client; content:"GET"; http_method; content:"/m/bot.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"cs.proxy1.bf"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834429/; classtype:trojan-activity;sid:83697529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834423)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.spc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.95.169.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834423/; classtype:trojan-activity;sid:83697523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834424)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-6.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"91.92.252.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834424/; classtype:trojan-activity;sid:83697524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834425)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"157.10.45.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834425/; classtype:trojan-activity;sid:83697525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834426)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.128.232.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834426/; classtype:trojan-activity;sid:83697526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834422)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"157.10.45.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834422/; classtype:trojan-activity;sid:83697522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834418)"; flow:established,from_client; content:"GET"; http_method; content:"/m/bot.spc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"cs.proxy1.bf"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834418/; classtype:trojan-activity;sid:83697518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834419)"; flow:established,from_client; content:"GET"; http_method; content:"/linux_amd64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"140.82.24.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834419/; classtype:trojan-activity;sid:83697519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834420)"; flow:established,from_client; content:"GET"; http_method; content:"/main"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"50.21.179.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834420/; classtype:trojan-activity;sid:83697520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834421)"; flow:established,from_client; content:"GET"; http_method; content:"/m/bot.mpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"cs.proxy1.bf"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834421/; classtype:trojan-activity;sid:83697521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834415)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-4.snoopy"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"192.151.156.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834415/; classtype:trojan-activity;sid:83697515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834416)"; flow:established,from_client; content:"GET"; http_method; content:"/test"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.144.156.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834416/; classtype:trojan-activity;sid:83697516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834417)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.i686"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"217.160.147.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834417/; classtype:trojan-activity;sid:83697517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834410)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"141.164.47.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834410/; classtype:trojan-activity;sid:83697510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834411)"; flow:established,from_client; content:"GET"; http_method; content:"/m-i.p-s.snoopy"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"192.151.156.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834411/; classtype:trojan-activity;sid:83697511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834412)"; flow:established,from_client; content:"GET"; http_method; content:"/m/bot.arm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"cs.proxy1.bf"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834412/; classtype:trojan-activity;sid:83697512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834413)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bdfee.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"93.123.85.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834413/; classtype:trojan-activity;sid:83697513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834414)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.182.150.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834414/; classtype:trojan-activity;sid:83697514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834408)"; flow:established,from_client; content:"GET"; http_method; content:"/x-8.6-.snoopy"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"192.151.156.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834408/; classtype:trojan-activity;sid:83697508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834409)"; flow:established,from_client; content:"GET"; http_method; content:"/m-p.s-l.snoopy"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"104.128.64.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834409/; classtype:trojan-activity;sid:83697509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834406)"; flow:established,from_client; content:"GET"; http_method; content:"/apache2"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"209.182.219.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834406/; classtype:trojan-activity;sid:83697506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834407)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"23.165.104.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834407/; classtype:trojan-activity;sid:83697507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834403)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bdfee.spc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"93.123.85.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834403/; classtype:trojan-activity;sid:83697503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834404)"; flow:established,from_client; content:"GET"; http_method; content:"/kelly.arm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.71.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834404/; classtype:trojan-activity;sid:83697504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834405)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.142.104.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834405/; classtype:trojan-activity;sid:83697505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834402)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bdfee.arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"93.123.85.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834402/; classtype:trojan-activity;sid:83697502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834401)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.128.232.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834401/; classtype:trojan-activity;sid:83697501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834400)"; flow:established,from_client; content:"GET"; http_method; content:"/curl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.71.242.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834400/; classtype:trojan-activity;sid:83697500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834399)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-5.snoopy"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"192.151.156.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834399/; classtype:trojan-activity;sid:83697499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834397)"; flow:established,from_client; content:"GET"; http_method; content:"/p-p.c-.snoopy"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"192.151.156.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834397/; classtype:trojan-activity;sid:83697497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834398)"; flow:established,from_client; content:"GET"; http_method; content:"/sc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.215.183.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834398/; classtype:trojan-activity;sid:83697498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834395)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.182.150.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834395/; classtype:trojan-activity;sid:83697495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834396)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.95.169.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834396/; classtype:trojan-activity;sid:83697496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834394)"; flow:established,from_client; content:"GET"; http_method; content:"/wget"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.200.134.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834394/; classtype:trojan-activity;sid:83697494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834390)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.182.150.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834390/; classtype:trojan-activity;sid:83697490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834391)"; flow:established,from_client; content:"GET"; http_method; content:"/nano"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"139.180.186.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834391/; classtype:trojan-activity;sid:83697491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834392)"; flow:established,from_client; content:"GET"; http_method; content:"/ps"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"192.187.121.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834392/; classtype:trojan-activity;sid:83697492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834393)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.182.150.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834393/; classtype:trojan-activity;sid:83697493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834388)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bdfee.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"93.123.85.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834388/; classtype:trojan-activity;sid:83697488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834389)"; flow:established,from_client; content:"GET"; http_method; content:"/m/bot.ppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"cs.proxy1.bf"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834389/; classtype:trojan-activity;sid:83697489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834387)"; flow:established,from_client; content:"GET"; http_method; content:"/curl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.71.242.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834387/; classtype:trojan-activity;sid:83697487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834384)"; flow:established,from_client; content:"GET"; http_method; content:"/m/bot.sh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"cs.proxy1.bf"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834384/; classtype:trojan-activity;sid:83697484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834385)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"23.165.104.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834385/; classtype:trojan-activity;sid:83697485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834386)"; flow:established,from_client; content:"GET"; http_method; content:"/zmap.arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"93.123.85.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834386/; classtype:trojan-activity;sid:83697486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834382)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.95.169.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834382/; classtype:trojan-activity;sid:83697482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834383)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.114.141.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834383/; classtype:trojan-activity;sid:83697483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834380)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-6.snoopy"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"104.128.64.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834380/; classtype:trojan-activity;sid:83697480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834381)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"94.156.79.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834381/; classtype:trojan-activity;sid:83697481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834379)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.156.79.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834379/; classtype:trojan-activity;sid:83697479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834377)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.128.232.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834377/; classtype:trojan-activity;sid:83697477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834378)"; flow:established,from_client; content:"GET"; http_method; content:"/hyd.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"91.228.147.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834378/; classtype:trojan-activity;sid:83697478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834375)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.95.169.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834375/; classtype:trojan-activity;sid:83697475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834376)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.182.150.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834376/; classtype:trojan-activity;sid:83697476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834374)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"113.162.132.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834374/; classtype:trojan-activity;sid:83697474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834371)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"157.10.45.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834371/; classtype:trojan-activity;sid:83697471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834372)"; flow:established,from_client; content:"GET"; http_method; content:"/curl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.71.242.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834372/; classtype:trojan-activity;sid:83697472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834373)"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"23.165.104.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834373/; classtype:trojan-activity;sid:83697473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834367)"; flow:established,from_client; content:"GET"; http_method; content:"/kelly.sh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.71.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834367/; classtype:trojan-activity;sid:83697467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834368)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-4.snoopy"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"104.128.64.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834368/; classtype:trojan-activity;sid:83697468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834369)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"23.165.104.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834369/; classtype:trojan-activity;sid:83697469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834370)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bdfee.sh4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"93.123.85.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834370/; classtype:trojan-activity;sid:83697470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834362)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.182.150.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834362/; classtype:trojan-activity;sid:83697462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834363)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"23.165.104.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834363/; classtype:trojan-activity;sid:83697463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834364)"; flow:established,from_client; content:"GET"; http_method; content:"/test"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.171.181.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834364/; classtype:trojan-activity;sid:83697464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834365)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bdfee.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"93.123.85.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834365/; classtype:trojan-activity;sid:83697465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834366)"; flow:established,from_client; content:"GET"; http_method; content:"/zmap.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.123.85.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834366/; classtype:trojan-activity;sid:83697466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834358)"; flow:established,from_client; content:"GET"; http_method; content:"/zmap.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.123.85.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834358/; classtype:trojan-activity;sid:83697458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834359)"; flow:established,from_client; content:"GET"; http_method; content:"/kelly.arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.156.71.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834359/; classtype:trojan-activity;sid:83697459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834360)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"157.10.45.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834360/; classtype:trojan-activity;sid:83697460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834361)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"157.10.45.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834361/; classtype:trojan-activity;sid:83697461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834356)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-7.snoopy"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"192.151.156.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834356/; classtype:trojan-activity;sid:83697456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834357)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"217.160.147.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834357/; classtype:trojan-activity;sid:83697457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834353)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"94.156.79.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834353/; classtype:trojan-activity;sid:83697453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834354)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.182.150.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834354/; classtype:trojan-activity;sid:83697454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834355)"; flow:established,from_client; content:"GET"; http_method; content:"/zmap.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"93.123.85.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834355/; classtype:trojan-activity;sid:83697455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834352)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.142.104.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834352/; classtype:trojan-activity;sid:83697452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834349)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.182.150.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834349/; classtype:trojan-activity;sid:83697449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834350)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bdfee.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"93.123.85.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834350/; classtype:trojan-activity;sid:83697450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834351)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.156.79.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834351/; classtype:trojan-activity;sid:83697451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834347)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"38.45.200.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834347/; classtype:trojan-activity;sid:83697447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834348)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.95.169.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834348/; classtype:trojan-activity;sid:83697448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834346)"; flow:established,from_client; content:"GET"; http_method; content:"/m-6.8-k.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"91.92.252.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834346/; classtype:trojan-activity;sid:83697446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834343)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"217.160.147.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834343/; classtype:trojan-activity;sid:83697443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834344)"; flow:established,from_client; content:"GET"; http_method; content:"/m-6.8-k.snoopy"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"104.128.64.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834344/; classtype:trojan-activity;sid:83697444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834345)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.128.232.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834345/; classtype:trojan-activity;sid:83697445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834340)"; flow:established,from_client; content:"GET"; http_method; content:"/armv6l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"23.165.104.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834340/; classtype:trojan-activity;sid:83697440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834341)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bdfee.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"93.123.85.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834341/; classtype:trojan-activity;sid:83697441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834342)"; flow:established,from_client; content:"GET"; http_method; content:"/zmap.mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.123.85.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834342/; classtype:trojan-activity;sid:83697442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834338)"; flow:established,from_client; content:"GET"; http_method; content:"/armv7l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"23.165.104.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834338/; classtype:trojan-activity;sid:83697438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834339)"; flow:established,from_client; content:"GET"; http_method; content:"/x-3.2-.snoopy"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"104.128.64.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834339/; classtype:trojan-activity;sid:83697439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834335)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"23.165.104.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834335/; classtype:trojan-activity;sid:83697435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834336)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"217.160.147.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834336/; classtype:trojan-activity;sid:83697436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834337)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.128.232.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834337/; classtype:trojan-activity;sid:83697437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834334)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"23.165.104.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834334/; classtype:trojan-activity;sid:83697434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834332)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.128.232.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834332/; classtype:trojan-activity;sid:83697432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834333)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.14.48.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834333/; classtype:trojan-activity;sid:83697433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834330)"; flow:established,from_client; content:"GET"; http_method; content:"/kelly.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.156.71.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834330/; classtype:trojan-activity;sid:83697430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834331)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/bdfee.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"93.123.85.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834331/; classtype:trojan-activity;sid:83697431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834327)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.95.169.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834327/; classtype:trojan-activity;sid:83697427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834328)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"157.10.45.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834328/; classtype:trojan-activity;sid:83697428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834329)"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.228.147.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834329/; classtype:trojan-activity;sid:83697429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834325)"; flow:established,from_client; content:"GET"; http_method; content:"/wget"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"74.208.247.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834325/; classtype:trojan-activity;sid:83697425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834326)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-7.snoopy"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"104.128.64.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834326/; classtype:trojan-activity;sid:83697426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834323)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"157.10.45.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834323/; classtype:trojan-activity;sid:83697423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834324)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.95.169.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834324/; classtype:trojan-activity;sid:83697424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834319)"; flow:established,from_client; content:"GET"; http_method; content:"/x-3.2-.snoopy"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"192.151.156.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834319/; classtype:trojan-activity;sid:83697419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834320)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.156.79.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834320/; classtype:trojan-activity;sid:83697420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834321)"; flow:established,from_client; content:"GET"; http_method; content:"/s-h.4-.snoopy"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"104.128.64.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834321/; classtype:trojan-activity;sid:83697421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834322)"; flow:established,from_client; content:"GET"; http_method; content:"/kelly.mpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.156.71.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834322/; classtype:trojan-activity;sid:83697422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834317)"; flow:established,from_client; content:"GET"; http_method; content:"/kelly.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.156.71.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834317/; classtype:trojan-activity;sid:83697417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834318)"; flow:established,from_client; content:"GET"; http_method; content:"/ps"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"192.187.121.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834318/; classtype:trojan-activity;sid:83697418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834316)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"217.160.147.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834316/; classtype:trojan-activity;sid:83697416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834312)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"157.10.45.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834312/; classtype:trojan-activity;sid:83697412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834313)"; flow:established,from_client; content:"GET"; http_method; content:"/x"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"194.156.100.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834313/; classtype:trojan-activity;sid:83697413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834314)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.156.79.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834314/; classtype:trojan-activity;sid:83697414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834315)"; flow:established,from_client; content:"GET"; http_method; content:"/mil"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.95.169.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834315/; classtype:trojan-activity;sid:83697415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834307)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"94.156.79.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834307/; classtype:trojan-activity;sid:83697407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834308)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"217.160.147.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834308/; classtype:trojan-activity;sid:83697408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834309)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"94.156.79.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834309/; classtype:trojan-activity;sid:83697409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834310)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.156.79.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834310/; classtype:trojan-activity;sid:83697410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834311)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"217.160.147.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834311/; classtype:trojan-activity;sid:83697411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834305)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"217.160.147.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834305/; classtype:trojan-activity;sid:83697405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834306)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"217.160.147.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834306/; classtype:trojan-activity;sid:83697406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834304)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"108.61.202.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834304/; classtype:trojan-activity;sid:83697404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834303)"; flow:established,from_client; content:"GET"; http_method; content:"/zmap.m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.123.85.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834303/; classtype:trojan-activity;sid:83697403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834301)"; flow:established,from_client; content:"GET"; http_method; content:"/zmap.ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"93.123.85.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834301/; classtype:trojan-activity;sid:83697401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834302)"; flow:established,from_client; content:"GET"; http_method; content:"/zmap.spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"93.123.85.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834302/; classtype:trojan-activity;sid:83697402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834300)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.233.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834300/; classtype:trojan-activity;sid:83697400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834299)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.154.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834299/; classtype:trojan-activity;sid:83697399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834298)"; flow:established,from_client; content:"GET"; http_method; content:"/logo3.jpg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"a0950747.xsph.ru"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834298/; classtype:trojan-activity;sid:83697398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834296)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.126.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834296/; classtype:trojan-activity;sid:83697396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834297)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.88.72"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834297/; classtype:trojan-activity;sid:83697397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834295)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.47.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834295/; classtype:trojan-activity;sid:83697395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834294)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"216.221.207.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834294/; classtype:trojan-activity;sid:83697394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834293)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.244.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834293/; classtype:trojan-activity;sid:83697393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834292)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.156.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834292/; classtype:trojan-activity;sid:83697392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834291)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.251.164.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834291/; classtype:trojan-activity;sid:83697391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834290)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.91.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834290/; classtype:trojan-activity;sid:83697390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834289)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.196.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834289/; classtype:trojan-activity;sid:83697389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834288)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.237.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834288/; classtype:trojan-activity;sid:83697388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834287)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.72.96"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834287/; classtype:trojan-activity;sid:83697387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834286)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.155.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834286/; classtype:trojan-activity;sid:83697386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834285)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.247.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834285/; classtype:trojan-activity;sid:83697385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834284)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.209.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834284/; classtype:trojan-activity;sid:83697384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834283)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.224.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834283/; classtype:trojan-activity;sid:83697383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834282)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.214.9.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834282/; classtype:trojan-activity;sid:83697382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834281)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.237.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834281/; classtype:trojan-activity;sid:83697381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834280)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.202.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834280/; classtype:trojan-activity;sid:83697380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834279)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.125.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834279/; classtype:trojan-activity;sid:83697379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834278)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.254.245.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834278/; classtype:trojan-activity;sid:83697378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834277)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.197.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834277/; classtype:trojan-activity;sid:83697377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834276)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.47.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834276/; classtype:trojan-activity;sid:83697376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834275)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.194.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834275/; classtype:trojan-activity;sid:83697375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834274)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.196.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834274/; classtype:trojan-activity;sid:83697374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834273)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.155.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834273/; classtype:trojan-activity;sid:83697373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834272)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.116.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834272/; classtype:trojan-activity;sid:83697372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834271)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.224.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834271/; classtype:trojan-activity;sid:83697371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834270)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.193.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834270/; classtype:trojan-activity;sid:83697370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834269)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.66.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834269/; classtype:trojan-activity;sid:83697369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834268)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.198.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834268/; classtype:trojan-activity;sid:83697368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834266)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.185.26.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834266/; classtype:trojan-activity;sid:83697366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834267)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.219.63.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834267/; classtype:trojan-activity;sid:83697367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834265)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.199.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834265/; classtype:trojan-activity;sid:83697365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834264)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.60.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834264/; classtype:trojan-activity;sid:83697364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834263)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.237.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834263/; classtype:trojan-activity;sid:83697363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834262)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.7.93"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834262/; classtype:trojan-activity;sid:83697362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834261)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.143.19.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834261/; classtype:trojan-activity;sid:83697361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834260)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.60.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834260/; classtype:trojan-activity;sid:83697360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834259)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.74.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834259/; classtype:trojan-activity;sid:83697359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834258)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.78.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834258/; classtype:trojan-activity;sid:83697358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834257)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.237.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834257/; classtype:trojan-activity;sid:83697357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834256)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.157.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834256/; classtype:trojan-activity;sid:83697356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834253)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.231.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834253/; classtype:trojan-activity;sid:83697353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834254)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.53.154.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834254/; classtype:trojan-activity;sid:83697354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834255)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.204.194.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834255/; classtype:trojan-activity;sid:83697355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834252)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"92.154.92.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834252/; classtype:trojan-activity;sid:83697352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834251)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.70.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834251/; classtype:trojan-activity;sid:83697351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834250)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.193.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834250/; classtype:trojan-activity;sid:83697350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834249)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.199.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834249/; classtype:trojan-activity;sid:83697349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834248)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.1.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834248/; classtype:trojan-activity;sid:83697348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834247)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.74.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834247/; classtype:trojan-activity;sid:83697347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834246)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.12.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834246/; classtype:trojan-activity;sid:83697346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834245)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.57.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834245/; classtype:trojan-activity;sid:83697345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834244)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.143.19.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834244/; classtype:trojan-activity;sid:83697344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834243)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.242.20.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834243/; classtype:trojan-activity;sid:83697343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834242)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.66.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834242/; classtype:trojan-activity;sid:83697342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834241)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.7.93"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834241/; classtype:trojan-activity;sid:83697341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834240)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.204.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834240/; classtype:trojan-activity;sid:83697340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834239)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.195.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834239/; classtype:trojan-activity;sid:83697339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834237)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.78.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834237/; classtype:trojan-activity;sid:83697337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834238)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.199.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834238/; classtype:trojan-activity;sid:83697338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834236)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.157.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834236/; classtype:trojan-activity;sid:83697336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834235)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.139.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834235/; classtype:trojan-activity;sid:83697335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834234)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.4.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834234/; classtype:trojan-activity;sid:83697334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834233)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.149.236.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834233/; classtype:trojan-activity;sid:83697333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834232)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.7.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834232/; classtype:trojan-activity;sid:83697332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834231)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.209.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834231/; classtype:trojan-activity;sid:83697331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834230)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.206.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834230/; classtype:trojan-activity;sid:83697330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834229)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"92.154.92.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834229/; classtype:trojan-activity;sid:83697329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834228)"; flow:established,from_client; content:"GET"; http_method; content:"/doc5294803_669109419|3f|hash=jkpo6xknggloev5w3rmyvyipbkbz4iqzfc2nqtv2wsw|7c|26|7c|dl=z0cbj6cbwdg5wajzxjczzirvaqbpjzspnaeuizzfcp0|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834228/; classtype:trojan-activity;sid:83697328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834227)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.12.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834227/; classtype:trojan-activity;sid:83697327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834226)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.202.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834226/; classtype:trojan-activity;sid:83697326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834225)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.63.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834225/; classtype:trojan-activity;sid:83697325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834224)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.117.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834224/; classtype:trojan-activity;sid:83697324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834223)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.105.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834223/; classtype:trojan-activity;sid:83697323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834222)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.204.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834222/; classtype:trojan-activity;sid:83697322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834221)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.69.4.196"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834221/; classtype:trojan-activity;sid:83697321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834220)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.105.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834220/; classtype:trojan-activity;sid:83697320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834219)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.157.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834219/; classtype:trojan-activity;sid:83697319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834218)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.52.245.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834218/; classtype:trojan-activity;sid:83697318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834217)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.4.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834217/; classtype:trojan-activity;sid:83697317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834216)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.7.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834216/; classtype:trojan-activity;sid:83697316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834215)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.206.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834215/; classtype:trojan-activity;sid:83697315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834214)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.178.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834214/; classtype:trojan-activity;sid:83697314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834213)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.13.184.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834213/; classtype:trojan-activity;sid:83697313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834212)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.209.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834212/; classtype:trojan-activity;sid:83697312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834211)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.1.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834211/; classtype:trojan-activity;sid:83697311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834210)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.227.165.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834210/; classtype:trojan-activity;sid:83697310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834209)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.13.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834209/; classtype:trojan-activity;sid:83697309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834208)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.124.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834208/; classtype:trojan-activity;sid:83697308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834207)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.76.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834207/; classtype:trojan-activity;sid:83697307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834206)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.52.245.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834206/; classtype:trojan-activity;sid:83697306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834205)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.69.4.196"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834205/; classtype:trojan-activity;sid:83697305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834204)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.88.108.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834204/; classtype:trojan-activity;sid:83697304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834203)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.13.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834203/; classtype:trojan-activity;sid:83697303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834202)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.205.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834202/; classtype:trojan-activity;sid:83697302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834201)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.178.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834201/; classtype:trojan-activity;sid:83697301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834200)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.53.37.47"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834200/; classtype:trojan-activity;sid:83697300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834199)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.13.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834199/; classtype:trojan-activity;sid:83697299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834198)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.110.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834198/; classtype:trojan-activity;sid:83697298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834196)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.79.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834196/; classtype:trojan-activity;sid:83697296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834197)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.56.2.137"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834197/; classtype:trojan-activity;sid:83697297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834195)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.13.184.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834195/; classtype:trojan-activity;sid:83697295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834194)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.161.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834194/; classtype:trojan-activity;sid:83697294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834192)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"176.123.1.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834192/; classtype:trojan-activity;sid:83697292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834193)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm6"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"176.123.1.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834193/; classtype:trojan-activity;sid:83697293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834191)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm5"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"176.123.1.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834191/; classtype:trojan-activity;sid:83697291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834188)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm7"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"176.123.1.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834188/; classtype:trojan-activity;sid:83697288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834189)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.x86"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"176.123.1.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834189/; classtype:trojan-activity;sid:83697289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834190)"; flow:established,from_client; content:"GET"; http_method; content:"/8usa.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.123.1.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834190/; classtype:trojan-activity;sid:83697290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834182)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.m68k"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"176.123.1.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834182/; classtype:trojan-activity;sid:83697282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834183)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.spc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"176.123.1.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834183/; classtype:trojan-activity;sid:83697283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834184)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.sh4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"176.123.1.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834184/; classtype:trojan-activity;sid:83697284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834185)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.mpsl"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"176.123.1.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834185/; classtype:trojan-activity;sid:83697285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834186)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.ppc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"176.123.1.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834186/; classtype:trojan-activity;sid:83697286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834187)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.mips"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"176.123.1.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834187/; classtype:trojan-activity;sid:83697287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834181)"; flow:established,from_client; content:"GET"; http_method; content:"/pocs/a.bat"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.63.99.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834181/; classtype:trojan-activity;sid:83697281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834180)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.189.132.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834180/; classtype:trojan-activity;sid:83697280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834179)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.157.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834179/; classtype:trojan-activity;sid:83697279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834177)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.248.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834177/; classtype:trojan-activity;sid:83697277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834178)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.44.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834178/; classtype:trojan-activity;sid:83697278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834176)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.205.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834176/; classtype:trojan-activity;sid:83697276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834175)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.147.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834175/; classtype:trojan-activity;sid:83697275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834174)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.205.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834174/; classtype:trojan-activity;sid:83697274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834172)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.165.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834172/; classtype:trojan-activity;sid:83697272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834173)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"128.199.74.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834173/; classtype:trojan-activity;sid:83697273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834169)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"128.199.74.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834169/; classtype:trojan-activity;sid:83697269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834170)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"128.199.74.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834170/; classtype:trojan-activity;sid:83697270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834171)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"128.199.74.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834171/; classtype:trojan-activity;sid:83697271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834159)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.i686"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"128.199.74.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834159/; classtype:trojan-activity;sid:83697259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834160)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86_64"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"128.199.74.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834160/; classtype:trojan-activity;sid:83697260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834161)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"128.199.74.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834161/; classtype:trojan-activity;sid:83697261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834162)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"128.199.74.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834162/; classtype:trojan-activity;sid:83697262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834163)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"128.199.74.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834163/; classtype:trojan-activity;sid:83697263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834164)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"128.199.74.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834164/; classtype:trojan-activity;sid:83697264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834165)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"128.199.74.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834165/; classtype:trojan-activity;sid:83697265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834166)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"128.199.74.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834166/; classtype:trojan-activity;sid:83697266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834167)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"128.199.74.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834167/; classtype:trojan-activity;sid:83697267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834168)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"128.199.74.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834168/; classtype:trojan-activity;sid:83697268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834158)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.248.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834158/; classtype:trojan-activity;sid:83697258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834157)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.161.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834157/; classtype:trojan-activity;sid:83697257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834156)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.223.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834156/; classtype:trojan-activity;sid:83697256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834155)"; flow:established,from_client; content:"GET"; http_method; content:"/editcontent"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"bug.anesthetics.biomedzglobal.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834155/; classtype:trojan-activity;sid:83697255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834154)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.74.95.243"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834154/; classtype:trojan-activity;sid:83697254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834153)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.79.151.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834153/; classtype:trojan-activity;sid:83697253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834152)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.231.121.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834152/; classtype:trojan-activity;sid:83697252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834151)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.200.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834151/; classtype:trojan-activity;sid:83697251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834150)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.4.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834150/; classtype:trojan-activity;sid:83697250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834149)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.21.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834149/; classtype:trojan-activity;sid:83697249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834148)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/telnet.sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"94.156.66.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834148/; classtype:trojan-activity;sid:83697248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834147)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.197.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834147/; classtype:trojan-activity;sid:83697247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834145)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.88.108.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834145/; classtype:trojan-activity;sid:83697245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834146)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.197.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834146/; classtype:trojan-activity;sid:83697246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834137)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vrmpsl"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"94.156.66.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834137/; classtype:trojan-activity;sid:83697237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834138)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vrx86"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.156.66.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834138/; classtype:trojan-activity;sid:83697238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834139)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vrppc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.156.66.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834139/; classtype:trojan-activity;sid:83697239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834140)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vrarm7"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"94.156.66.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834140/; classtype:trojan-activity;sid:83697240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834141)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vrarm"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.156.66.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834141/; classtype:trojan-activity;sid:83697241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834142)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vrmips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"94.156.66.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834142/; classtype:trojan-activity;sid:83697242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834143)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vrarm5"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"94.156.66.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834143/; classtype:trojan-activity;sid:83697243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834144)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vrarm6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"94.156.66.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834144/; classtype:trojan-activity;sid:83697244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834134)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vrmips2"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"94.156.66.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834134/; classtype:trojan-activity;sid:83697234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834135)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vrx86_64"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"94.156.66.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834135/; classtype:trojan-activity;sid:83697235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834136)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/vrsh4"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.156.66.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834136/; classtype:trojan-activity;sid:83697236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834133)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.41.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834133/; classtype:trojan-activity;sid:83697233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834132)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.25.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834132/; classtype:trojan-activity;sid:83697232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834131)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.44.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834131/; classtype:trojan-activity;sid:83697231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834130)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.165.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834130/; classtype:trojan-activity;sid:83697230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834129)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"craf.kro.kr"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834129/; classtype:trojan-activity;sid:83697229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834128)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.212.57.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834128/; classtype:trojan-activity;sid:83697228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834126)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"craf.kro.kr"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834126/; classtype:trojan-activity;sid:83697226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834127)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"craf.kro.kr"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834127/; classtype:trojan-activity;sid:83697227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834121)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"craf.kro.kr"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834121/; classtype:trojan-activity;sid:83697221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834122)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"craf.kro.kr"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834122/; classtype:trojan-activity;sid:83697222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834123)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"craf.kro.kr"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834123/; classtype:trojan-activity;sid:83697223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834124)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"craf.kro.kr"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834124/; classtype:trojan-activity;sid:83697224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834125)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"craf.kro.kr"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834125/; classtype:trojan-activity;sid:83697225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834118)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"craf.kro.kr"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834118/; classtype:trojan-activity;sid:83697218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834119)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.spc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"craf.kro.kr"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834119/; classtype:trojan-activity;sid:83697219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834120)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"craf.kro.kr"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834120/; classtype:trojan-activity;sid:83697220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834116)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"craf.kro.kr"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834116/; classtype:trojan-activity;sid:83697216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834117)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"craf.kro.kr"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834117/; classtype:trojan-activity;sid:83697217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834115)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.198.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834115/; classtype:trojan-activity;sid:83697215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834114)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.101.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834114/; classtype:trojan-activity;sid:83697214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834113)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.197.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834113/; classtype:trojan-activity;sid:83697213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834112)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.50.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834112/; classtype:trojan-activity;sid:83697212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834111)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.203.154.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834111/; classtype:trojan-activity;sid:83697211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834108)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.42.28.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834108/; classtype:trojan-activity;sid:83697208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834109)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.101.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834109/; classtype:trojan-activity;sid:83697209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834110)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.174.238.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834110/; classtype:trojan-activity;sid:83697210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834107)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.19.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834107/; classtype:trojan-activity;sid:83697207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834103)"; flow:established,from_client; content:"GET"; http_method; content:"//bot.x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.156.67.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834103/; classtype:trojan-activity;sid:83697203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834104)"; flow:established,from_client; content:"GET"; http_method; content:"//bot.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.67.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834104/; classtype:trojan-activity;sid:83697204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834105)"; flow:established,from_client; content:"GET"; http_method; content:"//bot.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.67.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834105/; classtype:trojan-activity;sid:83697205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834106)"; flow:established,from_client; content:"GET"; http_method; content:"//bot.x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"94.156.67.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834106/; classtype:trojan-activity;sid:83697206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834099)"; flow:established,from_client; content:"GET"; http_method; content:"//bot.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.67.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834099/; classtype:trojan-activity;sid:83697199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834100)"; flow:established,from_client; content:"GET"; http_method; content:"//bot.arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.156.67.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834100/; classtype:trojan-activity;sid:83697200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834101)"; flow:established,from_client; content:"GET"; http_method; content:"//bot.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.67.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834101/; classtype:trojan-activity;sid:83697201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834102)"; flow:established,from_client; content:"GET"; http_method; content:"//bot.ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.156.67.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834102/; classtype:trojan-activity;sid:83697202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834098)"; flow:established,from_client; content:"GET"; http_method; content:"//bot.m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.67.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834098/; classtype:trojan-activity;sid:83697198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834095)"; flow:established,from_client; content:"GET"; http_method; content:"//bot.spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.156.67.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834095/; classtype:trojan-activity;sid:83697195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834096)"; flow:established,from_client; content:"GET"; http_method; content:"//bot.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.156.67.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834096/; classtype:trojan-activity;sid:83697196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834097)"; flow:established,from_client; content:"GET"; http_method; content:"//bot.mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.67.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834097/; classtype:trojan-activity;sid:83697197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834094)"; flow:established,from_client; content:"GET"; http_method; content:"/getfile.php|3f|download=yxbwlxjlbgvhc2utna==|7c|26|7c|id=63a9f0ea7bb98050796b649e85481845"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"147.45.47.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834094/; classtype:trojan-activity;sid:83697194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834093)"; flow:established,from_client; content:"GET"; http_method; content:"/getfile.php|3f|download=yxbwlxjlbgvhc2utmq==|7c|26|7c|id=63a9f0ea7bb98050796b649e85481845"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"147.45.47.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834093/; classtype:trojan-activity;sid:83697193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834092)"; flow:established,from_client; content:"GET"; http_method; content:"/getfile.php|3f|download=yxbwlxjlbgvhc2utmg==|7c|26|7c|id=63a9f0ea7bb98050796b649e85481845"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"147.45.47.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834092/; classtype:trojan-activity;sid:83697192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834091)"; flow:established,from_client; content:"GET"; http_method; content:"/getfile.php|3f|download=yxbwlxjlbgvhc2utmw==|7c|26|7c|id=63a9f0ea7bb98050796b649e85481845"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"147.45.47.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834091/; classtype:trojan-activity;sid:83697191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834090)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.41.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834090/; classtype:trojan-activity;sid:83697190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834089)"; flow:established,from_client; content:"GET"; http_method; content:"/getfile.php|3f|download=yxbwlxjlbgvhc2utms5hcgs="; http_uri; depth:49; isdataat:!1,relative; nocase; content:"37.60.238.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834089/; classtype:trojan-activity;sid:83697189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834088)"; flow:established,from_client; content:"GET"; http_method; content:"/getfile.php|3f|download=yxbwlxjlbgvhc2utms5hcgs="; http_uri; depth:49; isdataat:!1,relative; nocase; content:"31.172.87.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834088/; classtype:trojan-activity;sid:83697188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834087)"; flow:established,from_client; content:"GET"; http_method; content:"/getfile.php|3f|download=yxbwlxjlbgvhc2utmi5hcgs="; http_uri; depth:49; isdataat:!1,relative; nocase; content:"91.151.88.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834087/; classtype:trojan-activity;sid:83697187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834081)"; flow:established,from_client; content:"GET"; http_method; content:"/getfile.php|3f|download=yxbwlxjlbgvhc2utmy5hcgs="; http_uri; depth:49; isdataat:!1,relative; nocase; content:"54.36.113.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834081/; classtype:trojan-activity;sid:83697181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834082)"; flow:established,from_client; content:"GET"; http_method; content:"/getfile.php|3f|download=yxbwlxjlbgvhc2utni5hcgs="; http_uri; depth:49; isdataat:!1,relative; nocase; content:"37.60.238.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834082/; classtype:trojan-activity;sid:83697182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834083)"; flow:established,from_client; content:"GET"; http_method; content:"/getfile.php|3f|download=yxbwlxjlbgvhc2utms5hcgs="; http_uri; depth:49; isdataat:!1,relative; nocase; content:"54.36.113.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834083/; classtype:trojan-activity;sid:83697183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834084)"; flow:established,from_client; content:"GET"; http_method; content:"/getfile.php|3f|download=yxbwlxjlbgvhc2utmi5hcgs="; http_uri; depth:49; isdataat:!1,relative; nocase; content:"37.60.238.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834084/; classtype:trojan-activity;sid:83697184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834085)"; flow:established,from_client; content:"GET"; http_method; content:"/getfile.php|3f|download=yxbwlxjlbgvhc2utns5hcgs="; http_uri; depth:49; isdataat:!1,relative; nocase; content:"37.60.238.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834085/; classtype:trojan-activity;sid:83697185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834086)"; flow:established,from_client; content:"GET"; http_method; content:"/getfile.php|3f|download=yxbwlxjlbgvhc2utmy5hcgs="; http_uri; depth:49; isdataat:!1,relative; nocase; content:"37.60.238.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834086/; classtype:trojan-activity;sid:83697186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834073)"; flow:established,from_client; content:"GET"; http_method; content:"/getfile.php|3f|download=yxbwlxjlbgvhc2utni5hcgs="; http_uri; depth:49; isdataat:!1,relative; nocase; content:"54.36.113.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834073/; classtype:trojan-activity;sid:83697173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834074)"; flow:established,from_client; content:"GET"; http_method; content:"/getfile.php|3f|download=yxbwlxjlbgvhc2utmi5hcgs="; http_uri; depth:49; isdataat:!1,relative; nocase; content:"54.36.113.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834074/; classtype:trojan-activity;sid:83697174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834075)"; flow:established,from_client; content:"GET"; http_method; content:"/getfile.php|3f|download=yxbwlxjlbgvhc2utms5hcgs="; http_uri; depth:49; isdataat:!1,relative; nocase; content:"91.151.88.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834075/; classtype:trojan-activity;sid:83697175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834076)"; flow:established,from_client; content:"GET"; http_method; content:"/getfile.php|3f|download=yxbwlxjlbgvhc2utms5hcgs="; http_uri; depth:49; isdataat:!1,relative; nocase; content:"45.93.137.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834076/; classtype:trojan-activity;sid:83697176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834077)"; flow:established,from_client; content:"GET"; http_method; content:"/getfile.php|3f|download=yxbwlxjlbgvhc2utms5hcgs="; http_uri; depth:49; isdataat:!1,relative; nocase; content:"103.67.163.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834077/; classtype:trojan-activity;sid:83697177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834078)"; flow:established,from_client; content:"GET"; http_method; content:"/getfile.php|3f|download=yxbwlxjlbgvhc2utnc5hcgs="; http_uri; depth:49; isdataat:!1,relative; nocase; content:"54.36.113.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834078/; classtype:trojan-activity;sid:83697178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834079)"; flow:established,from_client; content:"GET"; http_method; content:"/getfile.php|3f|download=yxbwlxjlbgvhc2utnc5hcgs="; http_uri; depth:49; isdataat:!1,relative; nocase; content:"37.60.238.252"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834079/; classtype:trojan-activity;sid:83697179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834080)"; flow:established,from_client; content:"GET"; http_method; content:"/getfile.php|3f|download=yxbwlxjlbgvhc2utns5hcgs="; http_uri; depth:49; isdataat:!1,relative; nocase; content:"54.36.113.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834080/; classtype:trojan-activity;sid:83697180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834072)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.33.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834072/; classtype:trojan-activity;sid:83697172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834071)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.42.28.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834071/; classtype:trojan-activity;sid:83697171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834070)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.196.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834070/; classtype:trojan-activity;sid:83697170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834069)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.145.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834069/; classtype:trojan-activity;sid:83697169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834067)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.223.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834067/; classtype:trojan-activity;sid:83697167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834068)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.33.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834068/; classtype:trojan-activity;sid:83697168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834066)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.108.90.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834066/; classtype:trojan-activity;sid:83697166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834065)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.163.158.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834065/; classtype:trojan-activity;sid:83697165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834064)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.88.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834064/; classtype:trojan-activity;sid:83697164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834063)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.25.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834063/; classtype:trojan-activity;sid:83697163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834062)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/google-maps-easy/classes/wpe-enige.html"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"mizpuraciculukavcu.ba"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834062/; classtype:trojan-activity;sid:83697162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834061)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.50.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834061/; classtype:trojan-activity;sid:83697161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834060)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.101.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834060/; classtype:trojan-activity;sid:83697160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834059)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.96.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834059/; classtype:trojan-activity;sid:83697159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834058)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.213.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834058/; classtype:trojan-activity;sid:83697158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834057)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.231.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834057/; classtype:trojan-activity;sid:83697157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834056)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.163.158.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834056/; classtype:trojan-activity;sid:83697156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834055)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.223.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834055/; classtype:trojan-activity;sid:83697155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834054)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.121.83.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834054/; classtype:trojan-activity;sid:83697154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834053)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/xhicktx7dthp"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"pasteio.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834053/; classtype:trojan-activity;sid:83697153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834052)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.211.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834052/; classtype:trojan-activity;sid:83697152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834051)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.119.199.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834051/; classtype:trojan-activity;sid:83697151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834050)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.214.192.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834050/; classtype:trojan-activity;sid:83697150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834049)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.198.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834049/; classtype:trojan-activity;sid:83697149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834048)"; flow:established,from_client; content:"GET"; http_method; content:"/ohshit.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.67.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834048/; classtype:trojan-activity;sid:83697148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834044)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.156.67.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834044/; classtype:trojan-activity;sid:83697144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834045)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.156.67.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834045/; classtype:trojan-activity;sid:83697145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834046)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.156.67.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834046/; classtype:trojan-activity;sid:83697146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834047)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.156.67.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834047/; classtype:trojan-activity;sid:83697147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834041)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.156.67.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834041/; classtype:trojan-activity;sid:83697141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834042)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.156.67.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834042/; classtype:trojan-activity;sid:83697142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834043)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.156.67.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834043/; classtype:trojan-activity;sid:83697143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834036)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.156.67.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834036/; classtype:trojan-activity;sid:83697136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834037)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.156.67.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834037/; classtype:trojan-activity;sid:83697137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834038)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.156.67.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834038/; classtype:trojan-activity;sid:83697138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834039)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.spc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.156.67.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834039/; classtype:trojan-activity;sid:83697139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834040)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.156.67.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834040/; classtype:trojan-activity;sid:83697140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834035)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.137.198.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834035/; classtype:trojan-activity;sid:83697135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834034)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.44.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834034/; classtype:trojan-activity;sid:83697134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834032)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.254.64.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834032/; classtype:trojan-activity;sid:83697132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834033)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.184.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834033/; classtype:trojan-activity;sid:83697133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834031)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.203.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834031/; classtype:trojan-activity;sid:83697131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834030)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.48.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834030/; classtype:trojan-activity;sid:83697130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834029)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"209.141.36.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834029/; classtype:trojan-activity;sid:83697129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834028)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.70.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834028/; classtype:trojan-activity;sid:83697128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834027)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.154.249.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834027/; classtype:trojan-activity;sid:83697127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834026)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.194.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834026/; classtype:trojan-activity;sid:83697126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834025)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.154.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834025/; classtype:trojan-activity;sid:83697125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834023)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.149.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834023/; classtype:trojan-activity;sid:83697123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834024)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.99.97.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834024/; classtype:trojan-activity;sid:83697124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834022)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.8.208.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834022/; classtype:trojan-activity;sid:83697122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834021)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.63.114.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834021/; classtype:trojan-activity;sid:83697121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834020)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.188.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834020/; classtype:trojan-activity;sid:83697120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834019)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.208.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834019/; classtype:trojan-activity;sid:83697119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834018)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.149.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834018/; classtype:trojan-activity;sid:83697118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834017)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"210.50.169.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834017/; classtype:trojan-activity;sid:83697117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834016)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.203.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834016/; classtype:trojan-activity;sid:83697116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834015)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.202.69.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834015/; classtype:trojan-activity;sid:83697115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834014)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.112.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834014/; classtype:trojan-activity;sid:83697114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834013)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.193.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834013/; classtype:trojan-activity;sid:83697113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834012)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.205.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834012/; classtype:trojan-activity;sid:83697112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834011)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/xn0v3uucqrjw"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"pasteio.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834011/; classtype:trojan-activity;sid:83697111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834009)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.98.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834009/; classtype:trojan-activity;sid:83697109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834010)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.128.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834010/; classtype:trojan-activity;sid:83697110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834008)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.70.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834008/; classtype:trojan-activity;sid:83697108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834007)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.99.97.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834007/; classtype:trojan-activity;sid:83697107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834006)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.37.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834006/; classtype:trojan-activity;sid:83697106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834005)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.50.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834005/; classtype:trojan-activity;sid:83697105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834004)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.188.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834004/; classtype:trojan-activity;sid:83697104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834003)"; flow:established,from_client; content:"GET"; http_method; content:"/doc5294803_669163151|3f|hash=yeundenoxnanhvbrcc2bnw0dbd1na4qx8y9hdktz3wo|7c|26|7c|dl=i579msw3nludhanschq5k2o9inv0hpmjajd1ahn0csp|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834003/; classtype:trojan-activity;sid:83697103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834002)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.203.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834002/; classtype:trojan-activity;sid:83697102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834001)"; flow:established,from_client; content:"GET"; http_method; content:"/doc5294803_669163253|3f|hash=iw0hsgrk8ydx7cqoqamikklp8eu8tjrsyfcdgdtn1k0|7c|26|7c|dl=zmc21wrdfh2ratobxxmq3axikvjhkfiv4okccepbnnk|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834001/; classtype:trojan-activity;sid:83697101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2834000)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.193.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2834000/; classtype:trojan-activity;sid:83697100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833999)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.174.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833999/; classtype:trojan-activity;sid:83697099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833998)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.157.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833998/; classtype:trojan-activity;sid:83697098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833997)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.70.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833997/; classtype:trojan-activity;sid:83697097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833996)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.229.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833996/; classtype:trojan-activity;sid:83697096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833995)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.237.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833995/; classtype:trojan-activity;sid:83697095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833994)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.117.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833994/; classtype:trojan-activity;sid:83697094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833993)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.81.20"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833993/; classtype:trojan-activity;sid:83697093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833992)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.246.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833992/; classtype:trojan-activity;sid:83697092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833991)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.195.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833991/; classtype:trojan-activity;sid:83697091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833990)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.159.133.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833990/; classtype:trojan-activity;sid:83697090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833989)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.37.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833989/; classtype:trojan-activity;sid:83697089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833988)"; flow:established,from_client; content:"GET"; http_method; content:"/newestenc.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"93.123.85.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833988/; classtype:trojan-activity;sid:83697088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833987)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.12.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833987/; classtype:trojan-activity;sid:83697087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833986)"; flow:established,from_client; content:"GET"; http_method; content:"/clienttdl.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"93.123.85.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833986/; classtype:trojan-activity;sid:83697086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833985)"; flow:established,from_client; content:"GET"; http_method; content:"/ratv3.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.123.85.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833985/; classtype:trojan-activity;sid:83697085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833984)"; flow:established,from_client; content:"GET"; http_method; content:"/venom.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"93.123.85.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833984/; classtype:trojan-activity;sid:83697084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833983)"; flow:established,from_client; content:"GET"; http_method; content:"/pogingenc.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"93.123.85.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833983/; classtype:trojan-activity;sid:83697083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833982)"; flow:established,from_client; content:"GET"; http_method; content:"/venomrat%206.0.3%20hvnc.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"93.123.85.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833982/; classtype:trojan-activity;sid:83697082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833980)"; flow:established,from_client; content:"GET"; http_method; content:"/venom2c%232.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"93.123.85.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833980/; classtype:trojan-activity;sid:83697080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833981)"; flow:established,from_client; content:"GET"; http_method; content:"/1.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"93.123.85.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833981/; classtype:trojan-activity;sid:83697081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833978)"; flow:established,from_client; content:"GET"; http_method; content:"/pogingencdl.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"93.123.85.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833978/; classtype:trojan-activity;sid:83697078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833979)"; flow:established,from_client; content:"GET"; http_method; content:"/venoaa.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"93.123.85.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833979/; classtype:trojan-activity;sid:83697079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833974)"; flow:established,from_client; content:"GET"; http_method; content:"/venom2.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"93.123.85.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833974/; classtype:trojan-activity;sid:83697074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833975)"; flow:established,from_client; content:"GET"; http_method; content:"/venom2c%23.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"93.123.85.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833975/; classtype:trojan-activity;sid:83697075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833976)"; flow:established,from_client; content:"GET"; http_method; content:"/pogingenc%202.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"93.123.85.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833976/; classtype:trojan-activity;sid:83697076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833977)"; flow:established,from_client; content:"GET"; http_method; content:"/1%20(1).exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"93.123.85.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833977/; classtype:trojan-activity;sid:83697077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833973)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.178.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833973/; classtype:trojan-activity;sid:83697073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833972)"; flow:established,from_client; content:"GET"; http_method; content:"/encrypted.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"93.123.85.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833972/; classtype:trojan-activity;sid:83697072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833970)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.69.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833970/; classtype:trojan-activity;sid:83697070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833971)"; flow:established,from_client; content:"GET"; http_method; content:"/clientt.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"93.123.85.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833971/; classtype:trojan-activity;sid:83697071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833969)"; flow:established,from_client; content:"GET"; http_method; content:"/venom.exe.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"93.123.85.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833969/; classtype:trojan-activity;sid:83697069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833968)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.237.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833968/; classtype:trojan-activity;sid:83697068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833967)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.81.20"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833967/; classtype:trojan-activity;sid:83697067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833966)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.182.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833966/; classtype:trojan-activity;sid:83697066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833965)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.113.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833965/; classtype:trojan-activity;sid:83697065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833964)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.207.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833964/; classtype:trojan-activity;sid:83697064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833962)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.44.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833962/; classtype:trojan-activity;sid:83697062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833963)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.19.149.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833963/; classtype:trojan-activity;sid:83697063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833960)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.195.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833960/; classtype:trojan-activity;sid:83697060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833961)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.31.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833961/; classtype:trojan-activity;sid:83697061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833959)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.53.154.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833959/; classtype:trojan-activity;sid:83697059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833958)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.207.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833958/; classtype:trojan-activity;sid:83697058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833957)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.19.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833957/; classtype:trojan-activity;sid:83697057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833956)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.23.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833956/; classtype:trojan-activity;sid:83697056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833955)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.182.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833955/; classtype:trojan-activity;sid:83697055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833954)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.193.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833954/; classtype:trojan-activity;sid:83697054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833953)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.101.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833953/; classtype:trojan-activity;sid:83697053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833952)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.25.183.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833952/; classtype:trojan-activity;sid:83697052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833951)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.203.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833951/; classtype:trojan-activity;sid:83697051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833950)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.195.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833950/; classtype:trojan-activity;sid:83697050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833949)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.149.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833949/; classtype:trojan-activity;sid:83697049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833948)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.182.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833948/; classtype:trojan-activity;sid:83697048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833947)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.221.25.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833947/; classtype:trojan-activity;sid:83697047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833946)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.152.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833946/; classtype:trojan-activity;sid:83697046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833945)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.95.233"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833945/; classtype:trojan-activity;sid:83697045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833944)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.194.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833944/; classtype:trojan-activity;sid:83697044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833943)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.65.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833943/; classtype:trojan-activity;sid:83697043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833942)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.67.9.27"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833942/; classtype:trojan-activity;sid:83697042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833941)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.223.129.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833941/; classtype:trojan-activity;sid:83697041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833940)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.121.174.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833940/; classtype:trojan-activity;sid:83697040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833938)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.254.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833938/; classtype:trojan-activity;sid:83697038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833939)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.25.183.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833939/; classtype:trojan-activity;sid:83697039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833937)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.79.234.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833937/; classtype:trojan-activity;sid:83697037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833936)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.193.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833936/; classtype:trojan-activity;sid:83697036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833935)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.190.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833935/; classtype:trojan-activity;sid:83697035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833934)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.146.16.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833934/; classtype:trojan-activity;sid:83697034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833932)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.101.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833932/; classtype:trojan-activity;sid:83697032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833933)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.227.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833933/; classtype:trojan-activity;sid:83697033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833931)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.203.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833931/; classtype:trojan-activity;sid:83697031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833930)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.169.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833930/; classtype:trojan-activity;sid:83697030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833929)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.225.254.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833929/; classtype:trojan-activity;sid:83697029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833928)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.241.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833928/; classtype:trojan-activity;sid:83697028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833927)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.200.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833927/; classtype:trojan-activity;sid:83697027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833926)"; flow:established,from_client; content:"GET"; http_method; content:"/see.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"192.3.239.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833926/; classtype:trojan-activity;sid:83697026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833925)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/weg/creatednewthingstounderstandhowgoodfishingdowithaboatwenotunderstandthatgirl___beautifulgirlkissedmelove.doc"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"192.3.239.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833925/; classtype:trojan-activity;sid:83697025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833924)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.254.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833924/; classtype:trojan-activity;sid:83697024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833923)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.185.26.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833923/; classtype:trojan-activity;sid:83697023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833922)"; flow:established,from_client; content:"GET"; http_method; content:"/scg.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"scll.netlify.app"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833922/; classtype:trojan-activity;sid:83697022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833921)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.227.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833921/; classtype:trojan-activity;sid:83697021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833920)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-contenth/theme/twentytwentyfr.php"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"alphaumi.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833920/; classtype:trojan-activity;sid:83697020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833919)"; flow:established,from_client; content:"GET"; http_method; content:"/anexos/1668093182.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"s3proesc.s3.amazonaws.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833919/; classtype:trojan-activity;sid:83697019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833915)"; flow:established,from_client; content:"GET"; http_method; content:"/venomrat%206.0.3%20hvnc%20final.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"93.123.85.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833915/; classtype:trojan-activity;sid:83697015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833916)"; flow:established,from_client; content:"GET"; http_method; content:"/frexoff/efefwefwwf/main/cock.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833916/; classtype:trojan-activity;sid:83697016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833917)"; flow:established,from_client; content:"GET"; http_method; content:"/3505/cnn.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"198.12.81.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833917/; classtype:trojan-activity;sid:83697017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833918)"; flow:established,from_client; content:"GET"; http_method; content:"/1355/hjcc.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"198.12.81.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833918/; classtype:trojan-activity;sid:83697018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833913)"; flow:established,from_client; content:"GET"; http_method; content:"/jsb8snav.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"files.offshore.cat"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833913/; classtype:trojan-activity;sid:83697013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833914)"; flow:established,from_client; content:"GET"; http_method; content:"/get/55bf0530df4adbcde4bb5bfac418bfda/likeepexploit.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"loader.oxy.st"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833914/; classtype:trojan-activity;sid:83697014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833911)"; flow:established,from_client; content:"GET"; http_method; content:"/venomrat%206.0.3%20hvnc%20final.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"workserver.ddns.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833911/; classtype:trojan-activity;sid:83697011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833912)"; flow:established,from_client; content:"GET"; http_method; content:"/venomrat%206.0.3%20hvnc%20final.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"workserver.ddns.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833912/; classtype:trojan-activity;sid:83697012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833910)"; flow:established,from_client; content:"GET"; http_method; content:"/%e6%9f%a5%e9%98%856024.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"srenzk.shop"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833910/; classtype:trojan-activity;sid:83697010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833909)"; flow:established,from_client; content:"GET"; http_method; content:"/123.conf"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"8.134.147.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833909/; classtype:trojan-activity;sid:83697009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833908)"; flow:established,from_client; content:"GET"; http_method; content:"/holycrossschool/2022-2023/circular/1127834871659249036.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"egenius-s3.s3.amazonaws.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833908/; classtype:trojan-activity;sid:83697008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833906)"; flow:established,from_client; content:"GET"; http_method; content:"/upsupx3.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"66.225.246.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833906/; classtype:trojan-activity;sid:83697006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833907)"; flow:established,from_client; content:"GET"; http_method; content:"/m/6053/setup_6053.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"glo4.ink"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833907/; classtype:trojan-activity;sid:83697007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833905)"; flow:established,from_client; content:"GET"; http_method; content:"/upsupx3.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"205.234.253.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833905/; classtype:trojan-activity;sid:83697005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833898)"; flow:established,from_client; content:"GET"; http_method; content:"/be.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"cyg2016.xyz"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833898/; classtype:trojan-activity;sid:83696998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833899)"; flow:established,from_client; content:"GET"; http_method; content:"/server/k/l2.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"193.233.132.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833899/; classtype:trojan-activity;sid:83696999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833900)"; flow:established,from_client; content:"GET"; http_method; content:"/be.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.25.247.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833900/; classtype:trojan-activity;sid:83697000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833901)"; flow:established,from_client; content:"GET"; http_method; content:"/setup%e4%b8%8b%e8%bd%bd%e5%90%8d%e5%8d%95%e7%9b%ae%e5%bd%956002.exe"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"www.btyrtr2.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833901/; classtype:trojan-activity;sid:83697001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833902)"; flow:established,from_client; content:"GET"; http_method; content:"/setup%e4%b8%8b%e8%bd%bd%e5%90%8d%e5%8d%95%e7%9b%ae%e5%bd%956001.exe"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"www.aokdemc.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833902/; classtype:trojan-activity;sid:83697002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833903)"; flow:established,from_client; content:"GET"; http_method; content:"/setup%e4%b8%8b%e8%bd%bd%e5%90%8d%e5%8d%95%e7%9b%ae%e5%bd%956001.exe"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"aokdemc.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833903/; classtype:trojan-activity;sid:83697003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833904)"; flow:established,from_client; content:"GET"; http_method; content:"/frexoff/efefwefwwf/raw/main/cock.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833904/; classtype:trojan-activity;sid:83697004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833897)"; flow:established,from_client; content:"GET"; http_method; content:"/images/004/773/797/original/new_image.jpg|3f|1713882029"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833897/; classtype:trojan-activity;sid:83696997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833896)"; flow:established,from_client; content:"GET"; http_method; content:"/lend/bild_redlain.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"193.233.132.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833896/; classtype:trojan-activity;sid:83696996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833895)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/hgh/wanthearthatbeautifulgirlilovedheralotofthingsneedtodobutsheisverybeautifulgirlwhoilovedheralotmygirlsheis___iwantshewillbehappy.doc"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"198.12.81.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833895/; classtype:trojan-activity;sid:83696995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833894)"; flow:established,from_client; content:"GET"; http_method; content:"/mimikatz.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"disk.hostz1.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833894/; classtype:trojan-activity;sid:83696994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833893)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"78.153.140.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833893/; classtype:trojan-activity;sid:83696993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833892)"; flow:established,from_client; content:"GET"; http_method; content:"/mf/am.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"rtattack.ralyjya9.online"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833892/; classtype:trojan-activity;sid:83696992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833891)"; flow:established,from_client; content:"GET"; http_method; content:"/7f2b25ae3e35529e1dcef7c2b1f6bce9/cad54ba5b01423b1af8ec10ab5719d97.exe"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"carthewasher.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833891/; classtype:trojan-activity;sid:83696991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833890)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.149.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833890/; classtype:trojan-activity;sid:83696990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833889)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.206.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833889/; classtype:trojan-activity;sid:83696989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833888)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.185.26.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833888/; classtype:trojan-activity;sid:83696988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833887)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.156.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833887/; classtype:trojan-activity;sid:83696987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833886)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.193.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833886/; classtype:trojan-activity;sid:83696986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833885)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.241.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833885/; classtype:trojan-activity;sid:83696985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833884)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.133.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833884/; classtype:trojan-activity;sid:83696984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833883)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.208.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833883/; classtype:trojan-activity;sid:83696983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833882)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.243.34.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833882/; classtype:trojan-activity;sid:83696982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833881)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.93.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833881/; classtype:trojan-activity;sid:83696981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833880)"; flow:established,from_client; content:"GET"; http_method; content:"/load/download.php|3f|c=1000"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"d1olnfqg9ss9n0.cloudfront.net"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833880/; classtype:trojan-activity;sid:83696980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833879)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.169.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833879/; classtype:trojan-activity;sid:83696979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833878)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.152.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833878/; classtype:trojan-activity;sid:83696978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833877)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.198.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833877/; classtype:trojan-activity;sid:83696977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833876)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.56.230.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833876/; classtype:trojan-activity;sid:83696976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833875)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.156.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833875/; classtype:trojan-activity;sid:83696975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833874)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.206.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833874/; classtype:trojan-activity;sid:83696974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833873)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.35.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833873/; classtype:trojan-activity;sid:83696973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833872)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.53.227.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833872/; classtype:trojan-activity;sid:83696972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833871)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.133.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833871/; classtype:trojan-activity;sid:83696971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833869)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.131.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833869/; classtype:trojan-activity;sid:83696969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833870)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.113.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833870/; classtype:trojan-activity;sid:83696970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833868)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.220.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833868/; classtype:trojan-activity;sid:83696968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833867)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.93.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833867/; classtype:trojan-activity;sid:83696967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833866)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.204.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833866/; classtype:trojan-activity;sid:83696966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833865)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.118.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833865/; classtype:trojan-activity;sid:83696965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833864)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.131.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833864/; classtype:trojan-activity;sid:83696964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833863)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.53.227.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833863/; classtype:trojan-activity;sid:83696963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833862)"; flow:established,from_client; content:"GET"; http_method; content:"/epq.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"23.94.54.101"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833862/; classtype:trojan-activity;sid:83696962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833861)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.178.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833861/; classtype:trojan-activity;sid:83696961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833859)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.199.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833859/; classtype:trojan-activity;sid:83696959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833860)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.87.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833860/; classtype:trojan-activity;sid:83696960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833858)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.10.0"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833858/; classtype:trojan-activity;sid:83696958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833857)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.220.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833857/; classtype:trojan-activity;sid:83696957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833856)"; flow:established,from_client; content:"GET"; http_method; content:"/rumba/buben.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"193.233.132.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833856/; classtype:trojan-activity;sid:83696956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833855)"; flow:established,from_client; content:"GET"; http_method; content:"/28088/hrrm/havenewthingstounderstandwhichgivegreatthingsimeanbeautu=ifulthingseverfindedonearth____sheismygirlmywifemyheartsheis.doc"; http_uri; depth:133; isdataat:!1,relative; nocase; content:"107.172.31.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833855/; classtype:trojan-activity;sid:83696955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833854)"; flow:established,from_client; content:"GET"; http_method; content:"/4vzvc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"pop.tg"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833854/; classtype:trojan-activity;sid:83696954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833853)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.225.254.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833853/; classtype:trojan-activity;sid:83696953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833852)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.193.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833852/; classtype:trojan-activity;sid:83696952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833851)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.106.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833851/; classtype:trojan-activity;sid:83696951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833850)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.118.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833850/; classtype:trojan-activity;sid:83696950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833849)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.17.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833849/; classtype:trojan-activity;sid:83696949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833848)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.202.79.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833848/; classtype:trojan-activity;sid:83696948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833846)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.90.149.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833846/; classtype:trojan-activity;sid:83696946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833847)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.10.0"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833847/; classtype:trojan-activity;sid:83696947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833845)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.212.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833845/; classtype:trojan-activity;sid:83696945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833844)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.231.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833844/; classtype:trojan-activity;sid:83696944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833842)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.39.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833842/; classtype:trojan-activity;sid:83696942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833843)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.211.95.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833843/; classtype:trojan-activity;sid:83696943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833841)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.99.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833841/; classtype:trojan-activity;sid:83696941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833840)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.79.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833840/; classtype:trojan-activity;sid:83696940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833839)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.145.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833839/; classtype:trojan-activity;sid:83696939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833838)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.246.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833838/; classtype:trojan-activity;sid:83696938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833837)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.26.224.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833837/; classtype:trojan-activity;sid:83696937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833836)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.219.63.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833836/; classtype:trojan-activity;sid:83696936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833835)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.112.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833835/; classtype:trojan-activity;sid:83696935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833834)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.226.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833834/; classtype:trojan-activity;sid:83696934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833833)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.46.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833833/; classtype:trojan-activity;sid:83696933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833832)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.162.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833832/; classtype:trojan-activity;sid:83696932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833831)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.193.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833831/; classtype:trojan-activity;sid:83696931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833830)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.118.243.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833830/; classtype:trojan-activity;sid:83696930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833829)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/2fts3/raw/main/disbot"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833829/; classtype:trojan-activity;sid:83696929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833828)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.246.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833828/; classtype:trojan-activity;sid:83696928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833827)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.213.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833827/; classtype:trojan-activity;sid:83696927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833826)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.224.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833826/; classtype:trojan-activity;sid:83696926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833825)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.90.149.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833825/; classtype:trojan-activity;sid:83696925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833824)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.145.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833824/; classtype:trojan-activity;sid:83696924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833823)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.213.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833823/; classtype:trojan-activity;sid:83696923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833822)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.17.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833822/; classtype:trojan-activity;sid:83696922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833821)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.157.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833821/; classtype:trojan-activity;sid:83696921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833820)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.127.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833820/; classtype:trojan-activity;sid:83696920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833819)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"65.23.227.148"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833819/; classtype:trojan-activity;sid:83696919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833818)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.30.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833818/; classtype:trojan-activity;sid:83696918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833817)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.192.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833817/; classtype:trojan-activity;sid:83696917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833815)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.199.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833815/; classtype:trojan-activity;sid:83696915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833816)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.119.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833816/; classtype:trojan-activity;sid:83696916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833814)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.34.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833814/; classtype:trojan-activity;sid:83696914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833813)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.163.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833813/; classtype:trojan-activity;sid:83696913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833812)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.4.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833812/; classtype:trojan-activity;sid:83696912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833811)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.112.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833811/; classtype:trojan-activity;sid:83696911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833810)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.226.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833810/; classtype:trojan-activity;sid:83696910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833809)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.138.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833809/; classtype:trojan-activity;sid:83696909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833808)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.193.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833808/; classtype:trojan-activity;sid:83696908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833807)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.193.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833807/; classtype:trojan-activity;sid:83696907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833806)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.115.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833806/; classtype:trojan-activity;sid:83696906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833805)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.80.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833805/; classtype:trojan-activity;sid:83696905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833804)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.118.243.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833804/; classtype:trojan-activity;sid:83696904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833803)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.138.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833803/; classtype:trojan-activity;sid:83696903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833802)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.251.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833802/; classtype:trojan-activity;sid:83696902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833801)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.66.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833801/; classtype:trojan-activity;sid:83696901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833800)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.0.183"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833800/; classtype:trojan-activity;sid:83696900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833799)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.199.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833799/; classtype:trojan-activity;sid:83696899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833798)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.127.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833798/; classtype:trojan-activity;sid:83696898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833797)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.50.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833797/; classtype:trojan-activity;sid:83696897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833796)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.232.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833796/; classtype:trojan-activity;sid:83696896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833795)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.61.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833795/; classtype:trojan-activity;sid:83696895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833794)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.0.183"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833794/; classtype:trojan-activity;sid:83696894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833793)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"72.70.180.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833793/; classtype:trojan-activity;sid:83696893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833792)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.11.182"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833792/; classtype:trojan-activity;sid:83696892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833791)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.111.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833791/; classtype:trojan-activity;sid:83696891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833790)"; flow:established,from_client; content:"GET"; http_method; content:"/doc5294803_669125786|3f|hash=v1rfzjl7diw7zlwb8iremp9wzgjf2mm38qf6cqvrniz|7c|26|7c|dl=d8idmv6ccvnhcmclu2iz35zurh2yfz78kvultw2eg7w|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833790/; classtype:trojan-activity;sid:83696890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833789)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.17.253"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833789/; classtype:trojan-activity;sid:83696889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833788)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.61.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833788/; classtype:trojan-activity;sid:83696888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833787)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.111.102.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833787/; classtype:trojan-activity;sid:83696887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833786)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.26.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833786/; classtype:trojan-activity;sid:83696886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833785)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.197.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833785/; classtype:trojan-activity;sid:83696885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833784)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.1.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833784/; classtype:trojan-activity;sid:83696884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833783)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.206.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833783/; classtype:trojan-activity;sid:83696883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833782)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.234.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833782/; classtype:trojan-activity;sid:83696882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833781)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.54.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833781/; classtype:trojan-activity;sid:83696881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833780)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.202.75.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833780/; classtype:trojan-activity;sid:83696880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833779)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72.70.180.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833779/; classtype:trojan-activity;sid:83696879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833778)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.193.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833778/; classtype:trojan-activity;sid:83696878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833777)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.62.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833777/; classtype:trojan-activity;sid:83696877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833776)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.1.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833776/; classtype:trojan-activity;sid:83696876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833775)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.192.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833775/; classtype:trojan-activity;sid:83696875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833774)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.203.225.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833774/; classtype:trojan-activity;sid:83696874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833773)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.198.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833773/; classtype:trojan-activity;sid:83696873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833772)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl.ns"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.81.242.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833772/; classtype:trojan-activity;sid:83696872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833771)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.234.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833771/; classtype:trojan-activity;sid:83696871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833770)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.196.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833770/; classtype:trojan-activity;sid:83696870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833769)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.4.171"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833769/; classtype:trojan-activity;sid:83696869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833768)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.120.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833768/; classtype:trojan-activity;sid:83696868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833767)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.217.229.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833767/; classtype:trojan-activity;sid:83696867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833766)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.198.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833766/; classtype:trojan-activity;sid:83696866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833765)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.75.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833765/; classtype:trojan-activity;sid:83696865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833764)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.167.175.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833764/; classtype:trojan-activity;sid:83696864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833763)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.153.140.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833763/; classtype:trojan-activity;sid:83696863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833762)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.206.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833762/; classtype:trojan-activity;sid:83696862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833761)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.198.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833761/; classtype:trojan-activity;sid:83696861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833760)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.101.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833760/; classtype:trojan-activity;sid:83696860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833759)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.182.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833759/; classtype:trojan-activity;sid:83696859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833758)"; flow:established,from_client; content:"GET"; http_method; content:"/doc5294803_669152103|3f|hash=pkblrovv4lme1r6iuxvw4ddthfffr8gbvrqstklz4bx|7c|26|7c|dl=oz0yeqh4ryrcb5su2jqoknjmaecbe7ll19g2um9kyex|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833758/; classtype:trojan-activity;sid:83696858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833757)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.161.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833757/; classtype:trojan-activity;sid:83696857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833756)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.166.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833756/; classtype:trojan-activity;sid:83696856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833755)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.209.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833755/; classtype:trojan-activity;sid:83696855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833754)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.98.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833754/; classtype:trojan-activity;sid:83696854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833753)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.98.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833753/; classtype:trojan-activity;sid:83696853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833752)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.75.105"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833752/; classtype:trojan-activity;sid:83696852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833751)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.13.234.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833751/; classtype:trojan-activity;sid:83696851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833750)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.180.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833750/; classtype:trojan-activity;sid:83696850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833749)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.167.175.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833749/; classtype:trojan-activity;sid:83696849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833748)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.49.198.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833748/; classtype:trojan-activity;sid:83696848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833747)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.90.162.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833747/; classtype:trojan-activity;sid:83696847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833745)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.182.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833745/; classtype:trojan-activity;sid:83696845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833746)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.81.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833746/; classtype:trojan-activity;sid:83696846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833743)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.64.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833743/; classtype:trojan-activity;sid:83696843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833744)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.166.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833744/; classtype:trojan-activity;sid:83696844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833742)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.104.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833742/; classtype:trojan-activity;sid:83696842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833741)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.209.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833741/; classtype:trojan-activity;sid:83696841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833740)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.98.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833740/; classtype:trojan-activity;sid:83696840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833739)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.98.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833739/; classtype:trojan-activity;sid:83696839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833738)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.170.49.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833738/; classtype:trojan-activity;sid:83696838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833737)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.71.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833737/; classtype:trojan-activity;sid:83696837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833736)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.49.167.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833736/; classtype:trojan-activity;sid:83696836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833735)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.182.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833735/; classtype:trojan-activity;sid:83696835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833734)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.6.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833734/; classtype:trojan-activity;sid:83696834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833733)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.133.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833733/; classtype:trojan-activity;sid:83696833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833732)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.64.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833732/; classtype:trojan-activity;sid:83696832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833731)"; flow:established,from_client; content:"GET"; http_method; content:"/and"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"178.128.212.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833731/; classtype:trojan-activity;sid:83696831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833730)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.128.212.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833730/; classtype:trojan-activity;sid:83696830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833729)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.206.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833729/; classtype:trojan-activity;sid:83696829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833728)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.15.0.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833728/; classtype:trojan-activity;sid:83696828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833727)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.215.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833727/; classtype:trojan-activity;sid:83696827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833723)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"178.128.212.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833723/; classtype:trojan-activity;sid:83696823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833724)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"178.128.212.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833724/; classtype:trojan-activity;sid:83696824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833725)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"178.128.212.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833725/; classtype:trojan-activity;sid:83696825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833726)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.98.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833726/; classtype:trojan-activity;sid:83696826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833719)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"178.128.212.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833719/; classtype:trojan-activity;sid:83696819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833720)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"178.128.212.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833720/; classtype:trojan-activity;sid:83696820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833721)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.232.4.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833721/; classtype:trojan-activity;sid:83696821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833722)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"178.128.212.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833722/; classtype:trojan-activity;sid:83696822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833717)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.79.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833717/; classtype:trojan-activity;sid:83696817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833718)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"178.128.212.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833718/; classtype:trojan-activity;sid:83696818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833715)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"178.128.212.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833715/; classtype:trojan-activity;sid:83696815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833716)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"178.128.212.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833716/; classtype:trojan-activity;sid:83696816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833713)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"178.128.212.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833713/; classtype:trojan-activity;sid:83696813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833714)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"178.128.212.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833714/; classtype:trojan-activity;sid:83696814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833712)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.69.217.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833712/; classtype:trojan-activity;sid:83696812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833711)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.18.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833711/; classtype:trojan-activity;sid:83696811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833710)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.198.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833710/; classtype:trojan-activity;sid:83696810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833709)"; flow:established,from_client; content:"GET"; http_method; content:"/static/aqua.x86_64"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"94.156.8.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833709/; classtype:trojan-activity;sid:83696809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833708)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.104.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833708/; classtype:trojan-activity;sid:83696808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833707)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.151.229.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833707/; classtype:trojan-activity;sid:83696807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833706)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.38.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833706/; classtype:trojan-activity;sid:83696806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833705)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.182.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833705/; classtype:trojan-activity;sid:83696805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833704)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.48.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833704/; classtype:trojan-activity;sid:83696804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833702)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.154.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833702/; classtype:trojan-activity;sid:83696802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833703)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.217.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833703/; classtype:trojan-activity;sid:83696803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833698)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"spotslfy.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833698/; classtype:trojan-activity;sid:83696798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833699)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"spotslfy.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833699/; classtype:trojan-activity;sid:83696799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833700)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"spotslfy.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833700/; classtype:trojan-activity;sid:83696800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833701)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"spotslfy.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833701/; classtype:trojan-activity;sid:83696801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833696)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"spotslfy.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833696/; classtype:trojan-activity;sid:83696796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833697)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"spotslfy.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833697/; classtype:trojan-activity;sid:83696797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833692)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"spotslfy.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833692/; classtype:trojan-activity;sid:83696792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833693)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"spotslfy.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833693/; classtype:trojan-activity;sid:83696793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833694)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"spotslfy.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833694/; classtype:trojan-activity;sid:83696794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833695)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"spotslfy.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833695/; classtype:trojan-activity;sid:83696795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833691)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"spotslfy.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833691/; classtype:trojan-activity;sid:83696791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833690)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"spotslfy.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833690/; classtype:trojan-activity;sid:83696790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833682)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"spotslfy.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833682/; classtype:trojan-activity;sid:83696782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833683)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"spotslfy.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833683/; classtype:trojan-activity;sid:83696783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833684)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"spotslfy.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833684/; classtype:trojan-activity;sid:83696784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833685)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"spotslfy.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833685/; classtype:trojan-activity;sid:83696785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833686)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"spotslfy.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833686/; classtype:trojan-activity;sid:83696786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833687)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.114.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833687/; classtype:trojan-activity;sid:83696787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833688)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"spotslfy.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833688/; classtype:trojan-activity;sid:83696788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833689)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"spotslfy.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833689/; classtype:trojan-activity;sid:83696789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833681)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"spotslfy.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833681/; classtype:trojan-activity;sid:83696781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833678)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.96.138.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833678/; classtype:trojan-activity;sid:83696778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833679)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.96.138.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833679/; classtype:trojan-activity;sid:83696779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833680)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.96.138.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833680/; classtype:trojan-activity;sid:83696780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833672)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.96.138.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833672/; classtype:trojan-activity;sid:83696772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833673)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.96.138.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833673/; classtype:trojan-activity;sid:83696773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833674)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.96.138.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833674/; classtype:trojan-activity;sid:83696774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833675)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.96.138.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833675/; classtype:trojan-activity;sid:83696775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833676)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.96.138.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833676/; classtype:trojan-activity;sid:83696776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833677)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.96.138.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833677/; classtype:trojan-activity;sid:83696777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833671)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"176.96.138.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833671/; classtype:trojan-activity;sid:83696771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833670)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"176.96.138.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833670/; classtype:trojan-activity;sid:83696770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833665)"; flow:established,from_client; content:"GET"; http_method; content:"/bx"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"176.96.138.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833665/; classtype:trojan-activity;sid:83696765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833666)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.96.138.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833666/; classtype:trojan-activity;sid:83696766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833667)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.96.138.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833667/; classtype:trojan-activity;sid:83696767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833668)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.96.138.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833668/; classtype:trojan-activity;sid:83696768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833669)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.96.138.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833669/; classtype:trojan-activity;sid:83696769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833662)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.96.138.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833662/; classtype:trojan-activity;sid:83696762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833663)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"176.96.138.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833663/; classtype:trojan-activity;sid:83696763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833664)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.96.138.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833664/; classtype:trojan-activity;sid:83696764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833657)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"176.96.138.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833657/; classtype:trojan-activity;sid:83696757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833658)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.96.138.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833658/; classtype:trojan-activity;sid:83696758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833659)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"176.96.138.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833659/; classtype:trojan-activity;sid:83696759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833660)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.96.138.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833660/; classtype:trojan-activity;sid:83696760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833661)"; flow:established,from_client; content:"GET"; http_method; content:"/g"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.96.138.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833661/; classtype:trojan-activity;sid:83696761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833653)"; flow:established,from_client; content:"GET"; http_method; content:"/g"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.96.138.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833653/; classtype:trojan-activity;sid:83696753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833654)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.96.138.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833654/; classtype:trojan-activity;sid:83696754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833655)"; flow:established,from_client; content:"GET"; http_method; content:"/bx"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"176.96.138.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833655/; classtype:trojan-activity;sid:83696755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833656)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"176.96.138.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833656/; classtype:trojan-activity;sid:83696756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833652)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.254.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833652/; classtype:trojan-activity;sid:83696752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833648)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/main/arm7"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833648/; classtype:trojan-activity;sid:83696748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833649)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/main/arm6"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833649/; classtype:trojan-activity;sid:83696749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833650)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/main/mips"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833650/; classtype:trojan-activity;sid:83696750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833651)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/main/x86_64"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833651/; classtype:trojan-activity;sid:83696751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833643)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/main/arm5"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833643/; classtype:trojan-activity;sid:83696743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833644)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/main/m68k"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833644/; classtype:trojan-activity;sid:83696744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833645)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/main/sh4"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833645/; classtype:trojan-activity;sid:83696745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833646)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/main/mpsl"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833646/; classtype:trojan-activity;sid:83696746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833647)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/main/arm"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833647/; classtype:trojan-activity;sid:83696747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833642)"; flow:established,from_client; content:"GET"; http_method; content:"/caonim2le/yournigas/raw/main/x86_32"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833642/; classtype:trojan-activity;sid:83696742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833641)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.229.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833641/; classtype:trojan-activity;sid:83696741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833640)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.18.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833640/; classtype:trojan-activity;sid:83696740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833639)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.238.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833639/; classtype:trojan-activity;sid:83696739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833638)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.142.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833638/; classtype:trojan-activity;sid:83696738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833637)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.10.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833637/; classtype:trojan-activity;sid:83696737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833636)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.151.229.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833636/; classtype:trojan-activity;sid:83696736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833635)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.77.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833635/; classtype:trojan-activity;sid:83696735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833634)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.202.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833634/; classtype:trojan-activity;sid:83696734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833633)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.196.9.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833633/; classtype:trojan-activity;sid:83696733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833632)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.14.226.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833632/; classtype:trojan-activity;sid:83696732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833624)"; flow:established,from_client; content:"GET"; http_method; content:"/i5"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.14.226.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833624/; classtype:trojan-activity;sid:83696724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833625)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.14.226.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833625/; classtype:trojan-activity;sid:83696725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833626)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.14.226.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833626/; classtype:trojan-activity;sid:83696726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833627)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.14.226.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833627/; classtype:trojan-activity;sid:83696727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833628)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.14.226.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833628/; classtype:trojan-activity;sid:83696728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833629)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.14.226.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833629/; classtype:trojan-activity;sid:83696729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833630)"; flow:established,from_client; content:"GET"; http_method; content:"/i6"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.14.226.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833630/; classtype:trojan-activity;sid:83696730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833631)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.14.226.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833631/; classtype:trojan-activity;sid:83696731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833620)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.14.226.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833620/; classtype:trojan-activity;sid:83696720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833621)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.14.226.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833621/; classtype:trojan-activity;sid:83696721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833622)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.14.226.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833622/; classtype:trojan-activity;sid:83696722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833623)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.14.226.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833623/; classtype:trojan-activity;sid:83696723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833618)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.3.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833618/; classtype:trojan-activity;sid:83696718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833619)"; flow:established,from_client; content:"GET"; http_method; content:"/sha"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.14.226.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833619/; classtype:trojan-activity;sid:83696719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833617)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.185.196.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833617/; classtype:trojan-activity;sid:83696717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833614)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.81.242.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833614/; classtype:trojan-activity;sid:83696714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833615)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.81.242.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833615/; classtype:trojan-activity;sid:83696715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833616)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.81.242.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833616/; classtype:trojan-activity;sid:83696716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833604)"; flow:established,from_client; content:"GET"; http_method; content:"/g"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.81.242.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833604/; classtype:trojan-activity;sid:83696704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833605)"; flow:established,from_client; content:"GET"; http_method; content:"/jaws"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.81.242.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833605/; classtype:trojan-activity;sid:83696705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833606)"; flow:established,from_client; content:"GET"; http_method; content:"/weed"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.81.242.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833606/; classtype:trojan-activity;sid:83696706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833607)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.81.242.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833607/; classtype:trojan-activity;sid:83696707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833608)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.81.242.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833608/; classtype:trojan-activity;sid:83696708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833609)"; flow:established,from_client; content:"GET"; http_method; content:"/li"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.81.242.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833609/; classtype:trojan-activity;sid:83696709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833610)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.81.242.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833610/; classtype:trojan-activity;sid:83696710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833611)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.81.242.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833611/; classtype:trojan-activity;sid:83696711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833612)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.81.242.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833612/; classtype:trojan-activity;sid:83696712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833613)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.81.242.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833613/; classtype:trojan-activity;sid:83696713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833599)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.81.242.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833599/; classtype:trojan-activity;sid:83696699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833600)"; flow:established,from_client; content:"GET"; http_method; content:"/adb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.81.242.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833600/; classtype:trojan-activity;sid:83696700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833601)"; flow:established,from_client; content:"GET"; http_method; content:"/linksys"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.81.242.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833601/; classtype:trojan-activity;sid:83696701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833602)"; flow:established,from_client; content:"GET"; http_method; content:"/z.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.81.242.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833602/; classtype:trojan-activity;sid:83696702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833603)"; flow:established,from_client; content:"GET"; http_method; content:"/bx"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.81.242.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833603/; classtype:trojan-activity;sid:83696703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833598)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.142.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833598/; classtype:trojan-activity;sid:83696698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833595)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.22.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833595/; classtype:trojan-activity;sid:83696695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833596)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.73.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833596/; classtype:trojan-activity;sid:83696696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833597)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.70.25.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833597/; classtype:trojan-activity;sid:83696697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833594)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.88.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833594/; classtype:trojan-activity;sid:83696694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833593)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.77.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833593/; classtype:trojan-activity;sid:83696693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833591)"; flow:established,from_client; content:"GET"; http_method; content:"/sora.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"net.kovey-net.xyz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833591/; classtype:trojan-activity;sid:83696691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833592)"; flow:established,from_client; content:"GET"; http_method; content:"/yarn"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"net.kovey-net.xyz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833592/; classtype:trojan-activity;sid:83696692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833590)"; flow:established,from_client; content:"GET"; http_method; content:"/update.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"143.198.57.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833590/; classtype:trojan-activity;sid:83696690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833588)"; flow:established,from_client; content:"GET"; http_method; content:"/yarn"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.156.8.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833588/; classtype:trojan-activity;sid:83696688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833589)"; flow:established,from_client; content:"GET"; http_method; content:"/sora.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.156.8.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833589/; classtype:trojan-activity;sid:83696689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833587)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.10.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833587/; classtype:trojan-activity;sid:83696687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833586)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.123.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833586/; classtype:trojan-activity;sid:83696686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833585)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.103.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833585/; classtype:trojan-activity;sid:83696685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833584)"; flow:established,from_client; content:"GET"; http_method; content:"/linux"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"154.44.30.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833584/; classtype:trojan-activity;sid:83696684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833583)"; flow:established,from_client; content:"GET"; http_method; content:"/dvc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"154.44.30.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833583/; classtype:trojan-activity;sid:83696683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833582)"; flow:established,from_client; content:"GET"; http_method; content:"/html"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"154.44.30.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833582/; classtype:trojan-activity;sid:83696682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833581)"; flow:established,from_client; content:"GET"; http_method; content:"/otc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"154.44.30.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833581/; classtype:trojan-activity;sid:83696681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833580)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.207.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833580/; classtype:trojan-activity;sid:83696680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833579)"; flow:established,from_client; content:"GET"; http_method; content:"/two.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"154.44.30.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833579/; classtype:trojan-activity;sid:83696679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833578)"; flow:established,from_client; content:"GET"; http_method; content:"/static/no_killer/aqua.mips"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"net.kovey-net.xyz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833578/; classtype:trojan-activity;sid:83696678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833575)"; flow:established,from_client; content:"GET"; http_method; content:"/static/aqua.x86_64"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"net.kovey-net.xyz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833575/; classtype:trojan-activity;sid:83696675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833576)"; flow:established,from_client; content:"GET"; http_method; content:"/static/aqua.mips"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"net.kovey-net.xyz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833576/; classtype:trojan-activity;sid:83696676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833577)"; flow:established,from_client; content:"GET"; http_method; content:"/static/aqua.dbg"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"net.kovey-net.xyz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833577/; classtype:trojan-activity;sid:83696677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833566)"; flow:established,from_client; content:"GET"; http_method; content:"/static/aqua.arm5"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"net.kovey-net.xyz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833566/; classtype:trojan-activity;sid:83696666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833567)"; flow:established,from_client; content:"GET"; http_method; content:"/static/no_killer/aqua.arm7"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"net.kovey-net.xyz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833567/; classtype:trojan-activity;sid:83696667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833568)"; flow:established,from_client; content:"GET"; http_method; content:"/static/no_killer/aqua.x86"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"net.kovey-net.xyz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833568/; classtype:trojan-activity;sid:83696668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833569)"; flow:established,from_client; content:"GET"; http_method; content:"/static/aqua.arm4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"net.kovey-net.xyz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833569/; classtype:trojan-activity;sid:83696669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833570)"; flow:established,from_client; content:"GET"; http_method; content:"/static/no_killer/aqua.i686"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"net.kovey-net.xyz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833570/; classtype:trojan-activity;sid:83696670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833571)"; flow:established,from_client; content:"GET"; http_method; content:"/static/aqua.arm7"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"net.kovey-net.xyz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833571/; classtype:trojan-activity;sid:83696671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833572)"; flow:established,from_client; content:"GET"; http_method; content:"/static/aqua.x86"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"net.kovey-net.xyz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833572/; classtype:trojan-activity;sid:83696672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833573)"; flow:established,from_client; content:"GET"; http_method; content:"/static/no_killer/aqua.dbg"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"net.kovey-net.xyz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833573/; classtype:trojan-activity;sid:83696673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833574)"; flow:established,from_client; content:"GET"; http_method; content:"/static/no_killer/aqua.x86_64"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"net.kovey-net.xyz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833574/; classtype:trojan-activity;sid:83696674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833565)"; flow:established,from_client; content:"GET"; http_method; content:"/static/no_killer/aqua.arm5"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"net.kovey-net.xyz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833565/; classtype:trojan-activity;sid:83696665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833563)"; flow:established,from_client; content:"GET"; http_method; content:"/static/aqua.m68k"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"net.kovey-net.xyz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833563/; classtype:trojan-activity;sid:83696663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833564)"; flow:established,from_client; content:"GET"; http_method; content:"/static/no_killer/aqua.m68k"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"net.kovey-net.xyz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833564/; classtype:trojan-activity;sid:83696664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833558)"; flow:established,from_client; content:"GET"; http_method; content:"/static/no_killer/aqua.mpsl"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"net.kovey-net.xyz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833558/; classtype:trojan-activity;sid:83696658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833559)"; flow:established,from_client; content:"GET"; http_method; content:"/static/no_killer/aqua.arm4"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"net.kovey-net.xyz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833559/; classtype:trojan-activity;sid:83696659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833560)"; flow:established,from_client; content:"GET"; http_method; content:"/static/aqua.ppc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"net.kovey-net.xyz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833560/; classtype:trojan-activity;sid:83696660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833561)"; flow:established,from_client; content:"GET"; http_method; content:"/static/aqua.sh4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"net.kovey-net.xyz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833561/; classtype:trojan-activity;sid:83696661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833562)"; flow:established,from_client; content:"GET"; http_method; content:"/static/no_killer/aqua.ppc"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"net.kovey-net.xyz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833562/; classtype:trojan-activity;sid:83696662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833555)"; flow:established,from_client; content:"GET"; http_method; content:"/static/aqua.i686"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"net.kovey-net.xyz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833555/; classtype:trojan-activity;sid:83696655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833556)"; flow:established,from_client; content:"GET"; http_method; content:"/static/no_killer/aqua.arm6"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"net.kovey-net.xyz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833556/; classtype:trojan-activity;sid:83696656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833557)"; flow:established,from_client; content:"GET"; http_method; content:"/static/no_killer/aqua.sh4"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"net.kovey-net.xyz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833557/; classtype:trojan-activity;sid:83696657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833553)"; flow:established,from_client; content:"GET"; http_method; content:"/static/aqua.mpsl"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"net.kovey-net.xyz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833553/; classtype:trojan-activity;sid:83696653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833554)"; flow:established,from_client; content:"GET"; http_method; content:"/static/aqua.arm6"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"net.kovey-net.xyz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833554/; classtype:trojan-activity;sid:83696654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833552)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.181.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833552/; classtype:trojan-activity;sid:83696652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833551)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.188.174.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833551/; classtype:trojan-activity;sid:83696651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833550)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.36.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833550/; classtype:trojan-activity;sid:83696650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833549)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.3.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833549/; classtype:trojan-activity;sid:83696649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833548)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.207.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833548/; classtype:trojan-activity;sid:83696648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833547)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.22.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833547/; classtype:trojan-activity;sid:83696647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833546)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.206.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833546/; classtype:trojan-activity;sid:83696646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833545)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.207.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833545/; classtype:trojan-activity;sid:83696645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833544)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.6.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833544/; classtype:trojan-activity;sid:83696644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833543)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.232.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833543/; classtype:trojan-activity;sid:83696643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833542)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.123.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833542/; classtype:trojan-activity;sid:83696642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833541)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.87.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833541/; classtype:trojan-activity;sid:83696641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833540)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.5.89"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833540/; classtype:trojan-activity;sid:83696640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833539)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.184.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833539/; classtype:trojan-activity;sid:83696639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833538)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.179.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833538/; classtype:trojan-activity;sid:83696638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833537)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.113.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833537/; classtype:trojan-activity;sid:83696637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833536)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.91.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833536/; classtype:trojan-activity;sid:83696636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833535)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.232.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833535/; classtype:trojan-activity;sid:83696635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833534)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.243.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833534/; classtype:trojan-activity;sid:83696634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833532)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=17aa-sp7banph_xe1jx_baq3pcewr9jcp"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833532/; classtype:trojan-activity;sid:83696632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833533)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1zsh8wf2zeokqrphhd_-l4vzfx7gx4dqu"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833533/; classtype:trojan-activity;sid:83696633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833531)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.71.203"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833531/; classtype:trojan-activity;sid:83696631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833530)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.18.45"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833530/; classtype:trojan-activity;sid:83696630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833529)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.10.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833529/; classtype:trojan-activity;sid:83696629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833524)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.196.11.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833524/; classtype:trojan-activity;sid:83696624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833525)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.196.11.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833525/; classtype:trojan-activity;sid:83696625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833526)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.196.11.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833526/; classtype:trojan-activity;sid:83696626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833527)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.196.11.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833527/; classtype:trojan-activity;sid:83696627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833528)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.196.11.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833528/; classtype:trojan-activity;sid:83696628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833523)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.113.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833523/; classtype:trojan-activity;sid:83696623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833522)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/zqdp8jhj"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833522/; classtype:trojan-activity;sid:83696622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833521)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.5.89"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833521/; classtype:trojan-activity;sid:83696621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833518)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1-4ktracz1-ljedydlvp39qxb9sdzkxb0"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833518/; classtype:trojan-activity;sid:83696618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833519)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.163.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833519/; classtype:trojan-activity;sid:83696619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833520)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1rklpjhrddsew8gz4rq2o-4mm6w7ypghb"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833520/; classtype:trojan-activity;sid:83696620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833512)"; flow:established,from_client; content:"GET"; http_method; content:"/abwdsac3c.sh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"proxy.heleh.vn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833512/; classtype:trojan-activity;sid:83696612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833513)"; flow:established,from_client; content:"GET"; http_method; content:"/abwdsac3c.sh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"103.174.73.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833513/; classtype:trojan-activity;sid:83696613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833514)"; flow:established,from_client; content:"GET"; http_method; content:"/abwdsac3bw.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.174.73.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833514/; classtype:trojan-activity;sid:83696614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833515)"; flow:established,from_client; content:"GET"; http_method; content:"/abwdsac3w.sh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"103.174.73.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833515/; classtype:trojan-activity;sid:83696615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833516)"; flow:established,from_client; content:"GET"; http_method; content:"/abwdsac3w.sh"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"proxy.heleh.vn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833516/; classtype:trojan-activity;sid:83696616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833517)"; flow:established,from_client; content:"GET"; http_method; content:"/abwdsac3bw.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"proxy.heleh.vn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833517/; classtype:trojan-activity;sid:83696617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833511)"; flow:established,from_client; content:"GET"; http_method; content:"/lationooooonooooooon.txt"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"192.3.243.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833511/; classtype:trojan-activity;sid:83696611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833510)"; flow:established,from_client; content:"GET"; http_method; content:"/d/gaymw"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"paste.ee"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833510/; classtype:trojan-activity;sid:83696610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833508)"; flow:established,from_client; content:"GET"; http_method; content:"/prnportlatinos.vbs"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"192.3.243.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833508/; classtype:trojan-activity;sid:83696608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833509)"; flow:established,from_client; content:"GET"; http_method; content:"/reallylovelyladylovedfishermanwithasweetkissingonhereyesshewasbeautifulgirlalwayswholovedotherstrulyfromtheheart__sheisbeautifulgirlformeireallylovedher.doc"; http_uri; depth:157; isdataat:!1,relative; nocase; content:"192.3.243.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833509/; classtype:trojan-activity;sid:83696609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833507)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.207.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833507/; classtype:trojan-activity;sid:83696607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833506)"; flow:established,from_client; content:"GET"; http_method; content:"/lalallalallalallala.txt"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"192.3.243.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833506/; classtype:trojan-activity;sid:83696606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833505)"; flow:established,from_client; content:"GET"; http_method; content:"/d/tpdee"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"paste.ee"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833505/; classtype:trojan-activity;sid:83696605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833504)"; flow:established,from_client; content:"GET"; http_method; content:"/vistatharagreatgirlwholovedafishermanwithallkindofkisssheisverybeautifulladywhoilovedtrulyfromtheeheartiwantthattruly___sheisnicegirlfromtheheartlovedtruly.doc"; http_uri; depth:160; isdataat:!1,relative; nocase; content:"192.3.243.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833504/; classtype:trojan-activity;sid:83696604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833503)"; flow:established,from_client; content:"GET"; http_method; content:"/lalalawgome.vbs"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"192.3.243.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833503/; classtype:trojan-activity;sid:83696603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833502)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.87.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833502/; classtype:trojan-activity;sid:83696602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833501)"; flow:established,from_client; content:"GET"; http_method; content:"/shar.scr"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"dukeenergyltd.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833501/; classtype:trojan-activity;sid:83696601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833500)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1mkpjr9ltjikp0yvipvyzhsbfuxc6rvfo"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833500/; classtype:trojan-activity;sid:83696600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833499)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ncwgeymyrwfylnqv95gkepkyee-qaoa8"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833499/; classtype:trojan-activity;sid:83696599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833498)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.99.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833498/; classtype:trojan-activity;sid:83696598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833497)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.113.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833497/; classtype:trojan-activity;sid:83696597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833496)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.243.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833496/; classtype:trojan-activity;sid:83696596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833495)"; flow:established,from_client; content:"GET"; http_method; content:"/editcontent"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"nvw.demo.betterbuiltdogs.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833495/; classtype:trojan-activity;sid:83696595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833494)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.197.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833494/; classtype:trojan-activity;sid:83696594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833493)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.50.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833493/; classtype:trojan-activity;sid:83696593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833492)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.147.224"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833492/; classtype:trojan-activity;sid:83696592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833491)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.199.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833491/; classtype:trojan-activity;sid:83696591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833490)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.176.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833490/; classtype:trojan-activity;sid:83696590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833489)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.18.45"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833489/; classtype:trojan-activity;sid:83696589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833488)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.10.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833488/; classtype:trojan-activity;sid:83696588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833487)"; flow:established,from_client; content:"GET"; http_method; content:"/files/get300.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"193.233.132.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833487/; classtype:trojan-activity;sid:83696587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833486)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.41.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833486/; classtype:trojan-activity;sid:83696586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833485)"; flow:established,from_client; content:"GET"; http_method; content:"/doc5294803_669146636|3f|hash=ooxnostodjprmndmbc1wpjr0rvkjkz1hobtpaesmhs0|7c|26|7c|dl=r9duucdheiuqlremzideaxmdqlsx2cxi5qdkmkcx3po|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833485/; classtype:trojan-activity;sid:83696585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833484)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.220.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833484/; classtype:trojan-activity;sid:83696584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833483)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.43.111.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833483/; classtype:trojan-activity;sid:83696583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833480)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.163.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833480/; classtype:trojan-activity;sid:83696580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833481)"; flow:established,from_client; content:"GET"; http_method; content:"/ajai/a300.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"dianomefs.cfd"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833481/; classtype:trojan-activity;sid:83696581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833482)"; flow:established,from_client; content:"GET"; http_method; content:"/ajai/a29.txt"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"dianomefs.cfd"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833482/; classtype:trojan-activity;sid:83696582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833479)"; flow:established,from_client; content:"GET"; http_method; content:"/ajai/a30.txt"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"dianomefs.cfd"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833479/; classtype:trojan-activity;sid:83696579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833478)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/mznjw7w1"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833478/; classtype:trojan-activity;sid:83696578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833477)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.35.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833477/; classtype:trojan-activity;sid:83696577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833476)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.113.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833476/; classtype:trojan-activity;sid:83696576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833475)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.9.85"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833475/; classtype:trojan-activity;sid:83696575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833474)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.199.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833474/; classtype:trojan-activity;sid:83696574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833473)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.99.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833473/; classtype:trojan-activity;sid:83696573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833472)"; flow:established,from_client; content:"GET"; http_method; content:"/svchosts.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"106.54.47.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833472/; classtype:trojan-activity;sid:83696572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833471)"; flow:established,from_client; content:"GET"; http_method; content:"/system.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"106.54.47.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833471/; classtype:trojan-activity;sid:83696571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833470)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.183.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833470/; classtype:trojan-activity;sid:83696570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833469)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|id=1ri0rtxisuniwnfmx853e0ihlr9iajoet"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833469/; classtype:trojan-activity;sid:83696569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833468)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"101.108.147.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833468/; classtype:trojan-activity;sid:83696568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833467)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|id=19sfpytkxagalhkahxbsggrnzql8bwc72|7c|26|7c|export=download"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"drive.usercontent.google.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833467/; classtype:trojan-activity;sid:83696567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833466)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.176.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833466/; classtype:trojan-activity;sid:83696566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833465)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.106.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833465/; classtype:trojan-activity;sid:83696565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833464)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.197.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833464/; classtype:trojan-activity;sid:83696564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833463)"; flow:established,from_client; content:"GET"; http_method; content:"/kaxataapmzmt189.bin"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"209.90.233.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833463/; classtype:trojan-activity;sid:83696563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833462)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.66.63"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833462/; classtype:trojan-activity;sid:83696562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833461)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.115.160.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833461/; classtype:trojan-activity;sid:83696561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833460)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.208.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833460/; classtype:trojan-activity;sid:83696560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833459)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.171.253.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833459/; classtype:trojan-activity;sid:83696559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833458)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.2.109.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833458/; classtype:trojan-activity;sid:83696558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833455)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.239.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833455/; classtype:trojan-activity;sid:83696555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833456)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.255.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833456/; classtype:trojan-activity;sid:83696556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833457)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.4.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833457/; classtype:trojan-activity;sid:83696557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833454)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.9.85"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833454/; classtype:trojan-activity;sid:83696554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833453)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.163.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833453/; classtype:trojan-activity;sid:83696553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833452)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.33.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833452/; classtype:trojan-activity;sid:83696552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833451)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.203.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833451/; classtype:trojan-activity;sid:83696551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833450)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.38.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833450/; classtype:trojan-activity;sid:83696550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833449)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.22.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833449/; classtype:trojan-activity;sid:83696549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833448)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.108.147.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833448/; classtype:trojan-activity;sid:83696548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833447)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.198.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833447/; classtype:trojan-activity;sid:83696547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833445)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.211.101.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833445/; classtype:trojan-activity;sid:83696545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833446)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.239.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833446/; classtype:trojan-activity;sid:83696546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833444)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.45.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833444/; classtype:trojan-activity;sid:83696544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833443)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.30.75.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833443/; classtype:trojan-activity;sid:83696543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833441)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.81.242.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833441/; classtype:trojan-activity;sid:83696541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833442)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.81.242.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833442/; classtype:trojan-activity;sid:83696542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833440)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.157.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833440/; classtype:trojan-activity;sid:83696540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833439)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.6.106"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833439/; classtype:trojan-activity;sid:83696539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833438)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.157.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833438/; classtype:trojan-activity;sid:83696538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833437)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.55.72.124"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833437/; classtype:trojan-activity;sid:83696537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833436)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.13.80.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833436/; classtype:trojan-activity;sid:83696536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833435)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.33.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833435/; classtype:trojan-activity;sid:83696535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833434)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.35.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833434/; classtype:trojan-activity;sid:83696534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833433)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.59.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833433/; classtype:trojan-activity;sid:83696533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833432)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.183.52.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833432/; classtype:trojan-activity;sid:83696532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833431)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.58.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833431/; classtype:trojan-activity;sid:83696531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833430)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.6.106"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833430/; classtype:trojan-activity;sid:83696530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833429)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.255.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833429/; classtype:trojan-activity;sid:83696529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833428)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.203.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833428/; classtype:trojan-activity;sid:83696528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833427)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.126.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833427/; classtype:trojan-activity;sid:83696527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833426)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.226.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833426/; classtype:trojan-activity;sid:83696526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833425)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.135.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833425/; classtype:trojan-activity;sid:83696525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833424)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.196.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833424/; classtype:trojan-activity;sid:83696524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833423)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.201.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833423/; classtype:trojan-activity;sid:83696523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833422)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.25.76.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833422/; classtype:trojan-activity;sid:83696522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833421)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.35.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833421/; classtype:trojan-activity;sid:83696521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833420)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/predator.mips"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"38.45.200.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833420/; classtype:trojan-activity;sid:83696520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833419)"; flow:established,from_client; content:"GET"; http_method; content:"/samm.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"covid19help.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833419/; classtype:trojan-activity;sid:83696519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833418)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.143.16.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833418/; classtype:trojan-activity;sid:83696518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833417)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.203.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833417/; classtype:trojan-activity;sid:83696517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833416)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.182.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833416/; classtype:trojan-activity;sid:83696516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833414)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.13.84.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833414/; classtype:trojan-activity;sid:83696514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833415)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.176.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833415/; classtype:trojan-activity;sid:83696515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833413)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.201.111.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833413/; classtype:trojan-activity;sid:83696513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833412)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.100.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833412/; classtype:trojan-activity;sid:83696512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833411)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.117.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833411/; classtype:trojan-activity;sid:83696511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833410)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.2.109.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833410/; classtype:trojan-activity;sid:83696510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833409)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.44.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833409/; classtype:trojan-activity;sid:83696509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833408)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.135.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833408/; classtype:trojan-activity;sid:83696508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833407)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.113.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833407/; classtype:trojan-activity;sid:83696507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833406)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.84.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833406/; classtype:trojan-activity;sid:83696506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833405)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.196.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833405/; classtype:trojan-activity;sid:83696505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833404)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.152.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833404/; classtype:trojan-activity;sid:83696504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833403)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.201.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833403/; classtype:trojan-activity;sid:83696503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833402)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.35.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833402/; classtype:trojan-activity;sid:83696502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833401)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.146.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833401/; classtype:trojan-activity;sid:83696501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833399)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.141.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833399/; classtype:trojan-activity;sid:83696499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833400)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.13.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833400/; classtype:trojan-activity;sid:83696500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833398)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.249.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833398/; classtype:trojan-activity;sid:83696498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833397)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.243.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833397/; classtype:trojan-activity;sid:83696497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833396)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.193.204.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833396/; classtype:trojan-activity;sid:83696496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833395)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.113.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833395/; classtype:trojan-activity;sid:83696495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833394)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.111.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833394/; classtype:trojan-activity;sid:83696494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833392)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.117.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833392/; classtype:trojan-activity;sid:83696492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833393)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.230.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833393/; classtype:trojan-activity;sid:83696493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833391)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.146.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833391/; classtype:trojan-activity;sid:83696491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833390)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.166.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833390/; classtype:trojan-activity;sid:83696490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833389)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.178.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833389/; classtype:trojan-activity;sid:83696489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833388)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.226.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833388/; classtype:trojan-activity;sid:83696488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833387)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.86.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833387/; classtype:trojan-activity;sid:83696487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833385)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.11.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833385/; classtype:trojan-activity;sid:83696485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833386)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.147.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833386/; classtype:trojan-activity;sid:83696486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833384)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.115.85.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833384/; classtype:trojan-activity;sid:83696484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833383)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.207.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833383/; classtype:trojan-activity;sid:83696483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833382)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.183.24.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833382/; classtype:trojan-activity;sid:83696482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833381)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.185.196.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833381/; classtype:trojan-activity;sid:83696481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833380)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.230.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833380/; classtype:trojan-activity;sid:83696480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833379)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.86.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833379/; classtype:trojan-activity;sid:83696479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833378)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.243.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833378/; classtype:trojan-activity;sid:83696478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833377)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.141.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833377/; classtype:trojan-activity;sid:83696477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833376)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.13.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833376/; classtype:trojan-activity;sid:83696476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833375)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.175.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833375/; classtype:trojan-activity;sid:83696475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833374)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.187.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833374/; classtype:trojan-activity;sid:83696474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833373)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.198.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833373/; classtype:trojan-activity;sid:83696473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833372)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.2.110.13"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833372/; classtype:trojan-activity;sid:83696472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833371)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.243.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833371/; classtype:trojan-activity;sid:83696471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833370)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.38.106.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833370/; classtype:trojan-activity;sid:83696470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833369)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.183.24.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833369/; classtype:trojan-activity;sid:83696469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833368)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.197.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833368/; classtype:trojan-activity;sid:83696468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833367)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.94.195"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833367/; classtype:trojan-activity;sid:83696467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833366)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.34.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833366/; classtype:trojan-activity;sid:83696466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833365)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.180.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833365/; classtype:trojan-activity;sid:83696465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833364)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.112.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833364/; classtype:trojan-activity;sid:83696464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833363)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.136.88.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833363/; classtype:trojan-activity;sid:83696463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833361)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.146.16.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833361/; classtype:trojan-activity;sid:83696461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833362)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.217.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833362/; classtype:trojan-activity;sid:83696462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833360)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.222.254.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833360/; classtype:trojan-activity;sid:83696460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833359)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.196.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833359/; classtype:trojan-activity;sid:83696459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833358)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.146.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833358/; classtype:trojan-activity;sid:83696458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833356)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.42.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833356/; classtype:trojan-activity;sid:83696456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833357)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.7.223.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833357/; classtype:trojan-activity;sid:83696457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833354)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.13.184.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833354/; classtype:trojan-activity;sid:83696454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833355)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.82.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833355/; classtype:trojan-activity;sid:83696455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833353)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.197.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833353/; classtype:trojan-activity;sid:83696453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833352)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.63.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833352/; classtype:trojan-activity;sid:83696452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833351)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.74.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833351/; classtype:trojan-activity;sid:83696451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833350)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.94.195"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833350/; classtype:trojan-activity;sid:83696450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833349)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.208.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833349/; classtype:trojan-activity;sid:83696449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833347)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.246.208.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833347/; classtype:trojan-activity;sid:83696447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833348)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.79.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833348/; classtype:trojan-activity;sid:83696448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833346)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.204.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833346/; classtype:trojan-activity;sid:83696446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833345)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.164.41.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833345/; classtype:trojan-activity;sid:83696445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833344)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.222.254.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833344/; classtype:trojan-activity;sid:83696444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833343)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.13.21.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833343/; classtype:trojan-activity;sid:83696443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833342)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.207.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833342/; classtype:trojan-activity;sid:83696442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833341)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.63.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833341/; classtype:trojan-activity;sid:83696441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833339)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.206.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833339/; classtype:trojan-activity;sid:83696439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833340)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.151.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833340/; classtype:trojan-activity;sid:83696440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833338)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.82.13"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833338/; classtype:trojan-activity;sid:83696438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833337)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.146.16.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833337/; classtype:trojan-activity;sid:83696437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833336)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.208.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833336/; classtype:trojan-activity;sid:83696436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833335)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.208.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833335/; classtype:trojan-activity;sid:83696435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833334)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.243.180.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833334/; classtype:trojan-activity;sid:83696434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833333)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.9.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833333/; classtype:trojan-activity;sid:83696433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833332)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.235.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833332/; classtype:trojan-activity;sid:83696432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833331)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.208.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833331/; classtype:trojan-activity;sid:83696431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833330)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.127.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833330/; classtype:trojan-activity;sid:83696430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833329)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.121.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833329/; classtype:trojan-activity;sid:83696429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833328)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.207.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833328/; classtype:trojan-activity;sid:83696428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833327)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.90.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833327/; classtype:trojan-activity;sid:83696427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833326)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.203.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833326/; classtype:trojan-activity;sid:83696426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833325)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.245.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833325/; classtype:trojan-activity;sid:83696425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833324)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.127.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833324/; classtype:trojan-activity;sid:83696424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833323)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.82.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833323/; classtype:trojan-activity;sid:83696423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833322)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.157.142.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833322/; classtype:trojan-activity;sid:83696422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833321)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.203.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833321/; classtype:trojan-activity;sid:83696421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833320)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.134.173.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833320/; classtype:trojan-activity;sid:83696420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833319)"; flow:established,from_client; content:"GET"; http_method; content:"/editcontent"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"afjll.loans.fishingreelinvestments.com"; http_host; depth:38; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833319/; classtype:trojan-activity;sid:83696419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833318)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.206.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833318/; classtype:trojan-activity;sid:83696418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833317)"; flow:established,from_client; content:"GET"; http_method; content:"/editcontent"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"xbwh.demo.betterbuiltdogs.com"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833317/; classtype:trojan-activity;sid:83696417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833316)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.84.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833316/; classtype:trojan-activity;sid:83696416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833315)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.248.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833315/; classtype:trojan-activity;sid:83696415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833314)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.92.82.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833314/; classtype:trojan-activity;sid:83696414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833313)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.90.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833313/; classtype:trojan-activity;sid:83696413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833312)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.195.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833312/; classtype:trojan-activity;sid:83696412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833311)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.207.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833311/; classtype:trojan-activity;sid:83696411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833310)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.157.142.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833310/; classtype:trojan-activity;sid:83696410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833309)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.84.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833309/; classtype:trojan-activity;sid:83696409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833308)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.192.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833308/; classtype:trojan-activity;sid:83696408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833306)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.34.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833306/; classtype:trojan-activity;sid:83696406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833307)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.10.12.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833307/; classtype:trojan-activity;sid:83696407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833305)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.24.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833305/; classtype:trojan-activity;sid:83696405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833304)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.36.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833304/; classtype:trojan-activity;sid:83696404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833303)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.82.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833303/; classtype:trojan-activity;sid:83696403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833302)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.178.217.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833302/; classtype:trojan-activity;sid:83696402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833301)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.127.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833301/; classtype:trojan-activity;sid:83696401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833300)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.123.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833300/; classtype:trojan-activity;sid:83696400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833299)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.198.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833299/; classtype:trojan-activity;sid:83696399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833298)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.14.226.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833298/; classtype:trojan-activity;sid:83696398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833297)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.14.226.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833297/; classtype:trojan-activity;sid:83696397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833296)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.205.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833296/; classtype:trojan-activity;sid:83696396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833295)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.0.117.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833295/; classtype:trojan-activity;sid:83696395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833293)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.93.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833293/; classtype:trojan-activity;sid:83696393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833294)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.203.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833294/; classtype:trojan-activity;sid:83696394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833292)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.74.244.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833292/; classtype:trojan-activity;sid:83696392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833291)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.217.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833291/; classtype:trojan-activity;sid:83696391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833290)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.81.125"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833290/; classtype:trojan-activity;sid:83696390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833289)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.207.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833289/; classtype:trojan-activity;sid:83696389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833288)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.114.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833288/; classtype:trojan-activity;sid:83696388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833287)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.200.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833287/; classtype:trojan-activity;sid:83696387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833286)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.247.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833286/; classtype:trojan-activity;sid:83696386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833285)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.205.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833285/; classtype:trojan-activity;sid:83696385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833284)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.180.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833284/; classtype:trojan-activity;sid:83696384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833283)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.123.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833283/; classtype:trojan-activity;sid:83696383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833282)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"158.255.82.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833282/; classtype:trojan-activity;sid:83696382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833281)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.183.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833281/; classtype:trojan-activity;sid:83696381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833280)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.89.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833280/; classtype:trojan-activity;sid:83696380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833279)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.180.96.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833279/; classtype:trojan-activity;sid:83696379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833278)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.231.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833278/; classtype:trojan-activity;sid:83696378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833277)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.114.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833277/; classtype:trojan-activity;sid:83696377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833276)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.244.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833276/; classtype:trojan-activity;sid:83696376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833275)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.174.27.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833275/; classtype:trojan-activity;sid:83696375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833274)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.67.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833274/; classtype:trojan-activity;sid:83696374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833273)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.90.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833273/; classtype:trojan-activity;sid:83696373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833272)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.66.183"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833272/; classtype:trojan-activity;sid:83696372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833271)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.180.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833271/; classtype:trojan-activity;sid:83696371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833270)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.186.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833270/; classtype:trojan-activity;sid:83696370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833269)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.174.27.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833269/; classtype:trojan-activity;sid:83696369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833268)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.180.96.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833268/; classtype:trojan-activity;sid:83696368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833267)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.69.57.53"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833267/; classtype:trojan-activity;sid:83696367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833266)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.102.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833266/; classtype:trojan-activity;sid:83696366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833265)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.69.57.53"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833265/; classtype:trojan-activity;sid:83696365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833264)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.238.83.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833264/; classtype:trojan-activity;sid:83696364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833263)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.214.9.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833263/; classtype:trojan-activity;sid:83696363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833261)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.89.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833261/; classtype:trojan-activity;sid:83696361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833262)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.61.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833262/; classtype:trojan-activity;sid:83696362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833260)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.216.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833260/; classtype:trojan-activity;sid:83696360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833259)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.76.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833259/; classtype:trojan-activity;sid:83696359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833258)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.67.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833258/; classtype:trojan-activity;sid:83696358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833257)"; flow:established,from_client; content:"GET"; http_method; content:"/doc5294803_669125767|3f|hash=o0s0guzbztejntgqgcpsay2tga24vik5h8nzsezchtz|7c|26|7c|dl=t6anorrfyp1ah501mlzhemitowumjo2dx1zy0bwgsno|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833257/; classtype:trojan-activity;sid:83696357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833256)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.211.56.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833256/; classtype:trojan-activity;sid:83696356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833255)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.189.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833255/; classtype:trojan-activity;sid:83696355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833254)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.185.58.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_05_01; reference:url, urlhaus.abuse.ch/url/2833254/; classtype:trojan-activity;sid:83696354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833253)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.82.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833253/; classtype:trojan-activity;sid:83696353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833252)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.102.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833252/; classtype:trojan-activity;sid:83696352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833251)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.211.56.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833251/; classtype:trojan-activity;sid:83696351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833250)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.189.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833250/; classtype:trojan-activity;sid:83696350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833248)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.133.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833248/; classtype:trojan-activity;sid:83696348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833249)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.113.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833249/; classtype:trojan-activity;sid:83696349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833247)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.128.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833247/; classtype:trojan-activity;sid:83696347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833246)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.195.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833246/; classtype:trojan-activity;sid:83696346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833245)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.203.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833245/; classtype:trojan-activity;sid:83696345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833244)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.193.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833244/; classtype:trojan-activity;sid:83696344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833243)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.215.180.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833243/; classtype:trojan-activity;sid:83696343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833242)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.214.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833242/; classtype:trojan-activity;sid:83696342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833241)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.202.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833241/; classtype:trojan-activity;sid:83696341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833240)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.42.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833240/; classtype:trojan-activity;sid:83696340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833239)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.210.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833239/; classtype:trojan-activity;sid:83696339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833238)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.75.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833238/; classtype:trojan-activity;sid:83696338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833237)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.186.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833237/; classtype:trojan-activity;sid:83696337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833236)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.133.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833236/; classtype:trojan-activity;sid:83696336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833234)"; flow:established,from_client; content:"GET"; http_method; content:"/doc5294803_669073693|3f|hash=y2jthghy4m7fsolordhqzialigpvbxxerzbootcowic|7c|26|7c|dl=mzytsstsrxu67pbbq1llotv1jjpdi0joxkhinsoxa1t|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833234/; classtype:trojan-activity;sid:83696334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833235)"; flow:established,from_client; content:"GET"; http_method; content:"/doc5294803_669134426|3f|hash=tnbm4n5ztqz5wxqv0lphazjsvaxw97frk5yjuch3rax|7c|26|7c|dl=11mqdrvzosepmfs9czqnhw4s23breztdwewxiqfowyt|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833235/; classtype:trojan-activity;sid:83696335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833233)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.154.155.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833233/; classtype:trojan-activity;sid:83696333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833232)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.213.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833232/; classtype:trojan-activity;sid:83696332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833231)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.219.1.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833231/; classtype:trojan-activity;sid:83696331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833230)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.70.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833230/; classtype:trojan-activity;sid:83696330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833229)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.206.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833229/; classtype:trojan-activity;sid:83696329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833228)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.113.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833228/; classtype:trojan-activity;sid:83696328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833226)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.248.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833226/; classtype:trojan-activity;sid:83696326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833227)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.243.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833227/; classtype:trojan-activity;sid:83696327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833225)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.210.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833225/; classtype:trojan-activity;sid:83696325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833224)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.227.165.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833224/; classtype:trojan-activity;sid:83696324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833222)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.246.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833222/; classtype:trojan-activity;sid:83696322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833223)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.82.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833223/; classtype:trojan-activity;sid:83696323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833221)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.193.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833221/; classtype:trojan-activity;sid:83696321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833220)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.215.180.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833220/; classtype:trojan-activity;sid:83696320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833219)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.243.254.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833219/; classtype:trojan-activity;sid:83696319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833218)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.199.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833218/; classtype:trojan-activity;sid:83696318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833217)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/2fts3/raw/main/386"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833217/; classtype:trojan-activity;sid:83696317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833216)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/2fts3/raw/main/mips"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833216/; classtype:trojan-activity;sid:83696316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833215)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.45.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833215/; classtype:trojan-activity;sid:83696315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833214)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.193.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833214/; classtype:trojan-activity;sid:83696314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833213)"; flow:established,from_client; content:"GET"; http_method; content:"/20matrix77/2fts3/raw/main/mpsl"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833213/; classtype:trojan-activity;sid:83696313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833212)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.201.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833212/; classtype:trojan-activity;sid:83696312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833211)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.155.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833211/; classtype:trojan-activity;sid:83696311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833210)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"83.219.1.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833210/; classtype:trojan-activity;sid:83696310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833209)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7|3f|ddos"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"94.156.79.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833209/; classtype:trojan-activity;sid:83696309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833208)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.170.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833208/; classtype:trojan-activity;sid:83696308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833207)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.53.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833207/; classtype:trojan-activity;sid:83696307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833206)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.133.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833206/; classtype:trojan-activity;sid:83696306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833205)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.199.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833205/; classtype:trojan-activity;sid:83696305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833204)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.25.183.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833204/; classtype:trojan-activity;sid:83696304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833203)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.204.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833203/; classtype:trojan-activity;sid:83696303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833202)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.248.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833202/; classtype:trojan-activity;sid:83696302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833200)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.30.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833200/; classtype:trojan-activity;sid:83696300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833201)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.193.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833201/; classtype:trojan-activity;sid:83696301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833199)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.66.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833199/; classtype:trojan-activity;sid:83696299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833198)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.84.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833198/; classtype:trojan-activity;sid:83696298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833197)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.193.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833197/; classtype:trojan-activity;sid:83696297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833196)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.8.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833196/; classtype:trojan-activity;sid:83696296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833195)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.220.47.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833195/; classtype:trojan-activity;sid:83696295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833194)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.34.57"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833194/; classtype:trojan-activity;sid:83696294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833193)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.248.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833193/; classtype:trojan-activity;sid:83696293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833192)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.30.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833192/; classtype:trojan-activity;sid:83696292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833191)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.8.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833191/; classtype:trojan-activity;sid:83696291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833190)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.206.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833190/; classtype:trojan-activity;sid:83696290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833189)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.174.173.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833189/; classtype:trojan-activity;sid:83696289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833187)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.34.57"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833187/; classtype:trojan-activity;sid:83696287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833188)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.32.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833188/; classtype:trojan-activity;sid:83696288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833186)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.238.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833186/; classtype:trojan-activity;sid:83696286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833185)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.73.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833185/; classtype:trojan-activity;sid:83696285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833184)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.246.125.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833184/; classtype:trojan-activity;sid:83696284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833183)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.209.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833183/; classtype:trojan-activity;sid:83696283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833182)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.20.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833182/; classtype:trojan-activity;sid:83696282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833181)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.186.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833181/; classtype:trojan-activity;sid:83696281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833180)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.219.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833180/; classtype:trojan-activity;sid:83696280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833179)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.143.171.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833179/; classtype:trojan-activity;sid:83696279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833177)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.44.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833177/; classtype:trojan-activity;sid:83696277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833178)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.25.183.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833178/; classtype:trojan-activity;sid:83696278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833176)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.253.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833176/; classtype:trojan-activity;sid:83696276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833175)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.186.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833175/; classtype:trojan-activity;sid:83696275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833174)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.209.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833174/; classtype:trojan-activity;sid:83696274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833173)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.246.125.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833173/; classtype:trojan-activity;sid:83696273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833172)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.217.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833172/; classtype:trojan-activity;sid:83696272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833171)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.72.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833171/; classtype:trojan-activity;sid:83696271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833170)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.229.179.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833170/; classtype:trojan-activity;sid:83696270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833169)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.32.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833169/; classtype:trojan-activity;sid:83696269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833168)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.238.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833168/; classtype:trojan-activity;sid:83696268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833167)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.209.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833167/; classtype:trojan-activity;sid:83696267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833166)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.7.220"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833166/; classtype:trojan-activity;sid:83696266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833165)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.109.205.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833165/; classtype:trojan-activity;sid:83696265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833164)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.96.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833164/; classtype:trojan-activity;sid:83696264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833163)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.218.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833163/; classtype:trojan-activity;sid:83696263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833162)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.177.28.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833162/; classtype:trojan-activity;sid:83696262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833161)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.180.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833161/; classtype:trojan-activity;sid:83696261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833160)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.94.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833160/; classtype:trojan-activity;sid:83696260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833159)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.209.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833159/; classtype:trojan-activity;sid:83696259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833158)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.217.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833158/; classtype:trojan-activity;sid:83696258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833157)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.74.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833157/; classtype:trojan-activity;sid:83696257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833156)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.179.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833156/; classtype:trojan-activity;sid:83696256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833155)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.189.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833155/; classtype:trojan-activity;sid:83696255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833154)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.7.223.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833154/; classtype:trojan-activity;sid:83696254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833153)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.88.129.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833153/; classtype:trojan-activity;sid:83696253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833152)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.89.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833152/; classtype:trojan-activity;sid:83696252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833151)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.44.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833151/; classtype:trojan-activity;sid:83696251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833150)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.146.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833150/; classtype:trojan-activity;sid:83696250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833148)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.209.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833148/; classtype:trojan-activity;sid:83696248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833149)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.10.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833149/; classtype:trojan-activity;sid:83696249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833147)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.9.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833147/; classtype:trojan-activity;sid:83696247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833146)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.202.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833146/; classtype:trojan-activity;sid:83696246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833145)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.11.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833145/; classtype:trojan-activity;sid:83696245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833142)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.79.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833142/; classtype:trojan-activity;sid:83696242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833143)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.147.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833143/; classtype:trojan-activity;sid:83696243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833144)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.208.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833144/; classtype:trojan-activity;sid:83696244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833141)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.8.191.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833141/; classtype:trojan-activity;sid:83696241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833140)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"211.14.226.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833140/; classtype:trojan-activity;sid:83696240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833139)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.189.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833139/; classtype:trojan-activity;sid:83696239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833138)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.232.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833138/; classtype:trojan-activity;sid:83696238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833137)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.109.205.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833137/; classtype:trojan-activity;sid:83696237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833135)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.170.28.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833135/; classtype:trojan-activity;sid:83696235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833136)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.10.12.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833136/; classtype:trojan-activity;sid:83696236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833134)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.46.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833134/; classtype:trojan-activity;sid:83696234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833133)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.174.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833133/; classtype:trojan-activity;sid:83696233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833132)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.147.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833132/; classtype:trojan-activity;sid:83696232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833131)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.82.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833131/; classtype:trojan-activity;sid:83696231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833130)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.79.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833130/; classtype:trojan-activity;sid:83696230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833129)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.206.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833129/; classtype:trojan-activity;sid:83696229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833127)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.232.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833127/; classtype:trojan-activity;sid:83696227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833128)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.191.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833128/; classtype:trojan-activity;sid:83696228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833126)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"211.14.226.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833126/; classtype:trojan-activity;sid:83696226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833125)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.41.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833125/; classtype:trojan-activity;sid:83696225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833124)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.224.246.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833124/; classtype:trojan-activity;sid:83696224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833123)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.220.10.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833123/; classtype:trojan-activity;sid:83696223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833122)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.226.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833122/; classtype:trojan-activity;sid:83696222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833121)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.46.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833121/; classtype:trojan-activity;sid:83696221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833120)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.174.1"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833120/; classtype:trojan-activity;sid:83696220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833119)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.103.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833119/; classtype:trojan-activity;sid:83696219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833118)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.41.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833118/; classtype:trojan-activity;sid:83696218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833117)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.62.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833117/; classtype:trojan-activity;sid:83696217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833116)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.243.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833116/; classtype:trojan-activity;sid:83696216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833115)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.180.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833115/; classtype:trojan-activity;sid:83696215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833114)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.29.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833114/; classtype:trojan-activity;sid:83696214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833113)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.206.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833113/; classtype:trojan-activity;sid:83696213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833112)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.254.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833112/; classtype:trojan-activity;sid:83696212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833111)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.103.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833111/; classtype:trojan-activity;sid:83696211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833110)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.10.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833110/; classtype:trojan-activity;sid:83696210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833109)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"206.85.167.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833109/; classtype:trojan-activity;sid:83696209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833108)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.146.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833108/; classtype:trojan-activity;sid:83696208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833107)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.29.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833107/; classtype:trojan-activity;sid:83696207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833106)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.62.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833106/; classtype:trojan-activity;sid:83696206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833105)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.25.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833105/; classtype:trojan-activity;sid:83696205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833104)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.39.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833104/; classtype:trojan-activity;sid:83696204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833102)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"206.85.167.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833102/; classtype:trojan-activity;sid:83696202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833103)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.202.106.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833103/; classtype:trojan-activity;sid:83696203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833100)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.25.183.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833100/; classtype:trojan-activity;sid:83696200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833101)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.215.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833101/; classtype:trojan-activity;sid:83696201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833099)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.29.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833099/; classtype:trojan-activity;sid:83696199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833098)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.54.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833098/; classtype:trojan-activity;sid:83696198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833097)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.129.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833097/; classtype:trojan-activity;sid:83696197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833096)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.232.4.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833096/; classtype:trojan-activity;sid:83696196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833095)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.188.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833095/; classtype:trojan-activity;sid:83696195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833094)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.132.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833094/; classtype:trojan-activity;sid:83696194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833093)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.241.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833093/; classtype:trojan-activity;sid:83696193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833092)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.97.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833092/; classtype:trojan-activity;sid:83696192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833090)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.7.144.75"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833090/; classtype:trojan-activity;sid:83696190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833091)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.207.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833091/; classtype:trojan-activity;sid:83696191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833089)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.202.106.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833089/; classtype:trojan-activity;sid:83696189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833088)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.207.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833088/; classtype:trojan-activity;sid:83696188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833087)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.225.254.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833087/; classtype:trojan-activity;sid:83696187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833086)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.143.150.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833086/; classtype:trojan-activity;sid:83696186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833085)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.86.40.230"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833085/; classtype:trojan-activity;sid:83696185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833084)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/x4h6jb7kbavx"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"pasteio.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833084/; classtype:trojan-activity;sid:83696184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833083)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.103.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833083/; classtype:trojan-activity;sid:83696183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833082)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.197.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833082/; classtype:trojan-activity;sid:83696182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833081)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.150.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833081/; classtype:trojan-activity;sid:83696181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833080)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.151.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833080/; classtype:trojan-activity;sid:83696180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833079)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.241.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833079/; classtype:trojan-activity;sid:83696179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833078)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.211.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833078/; classtype:trojan-activity;sid:83696178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833077)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.55.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833077/; classtype:trojan-activity;sid:83696177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833076)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.58.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833076/; classtype:trojan-activity;sid:83696176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833075)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.176.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833075/; classtype:trojan-activity;sid:83696175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833074)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.188.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833074/; classtype:trojan-activity;sid:83696174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833073)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"156.146.26.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833073/; classtype:trojan-activity;sid:83696173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833072)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.38.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833072/; classtype:trojan-activity;sid:83696172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833071)"; flow:established,from_client; content:"GET"; http_method; content:"/doc5294803_669134487|3f|hash=q19d2doqnq3xlf3brqifmkvg6va4gxcvvsj7yiz7uhg|7c|26|7c|dl=1tftcuz7siqezjht2inmqktni7uazwrgeq4jafflikh|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833071/; classtype:trojan-activity;sid:83696171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833069)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.7.144.75"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833069/; classtype:trojan-activity;sid:83696169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833070)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.123.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833070/; classtype:trojan-activity;sid:83696170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833068)"; flow:established,from_client; content:"GET"; http_method; content:"/doc5294803_669132669|3f|hash=zkjz6ih7uq9lzkd21vhcvrqwcwde4e0zygiugvcv47k|7c|26|7c|dl=wempmpmw6ufkynuzftioldfw8xizgau8j2f0vsj9nwt|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833068/; classtype:trojan-activity;sid:83696168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833067)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.211.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833067/; classtype:trojan-activity;sid:83696167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833066)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.178.157.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833066/; classtype:trojan-activity;sid:83696166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833065)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.203.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833065/; classtype:trojan-activity;sid:83696165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833064)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.107.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833064/; classtype:trojan-activity;sid:83696164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833063)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.141.160.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833063/; classtype:trojan-activity;sid:83696163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833062)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.176.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833062/; classtype:trojan-activity;sid:83696162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833061)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.123.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833061/; classtype:trojan-activity;sid:83696161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833060)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.36.118"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833060/; classtype:trojan-activity;sid:83696160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833059)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.38.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833059/; classtype:trojan-activity;sid:83696159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833058)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.54.189.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833058/; classtype:trojan-activity;sid:83696158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833057)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.187.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833057/; classtype:trojan-activity;sid:83696157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833056)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.81.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833056/; classtype:trojan-activity;sid:83696156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833055)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.189.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833055/; classtype:trojan-activity;sid:83696155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833054)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.213.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833054/; classtype:trojan-activity;sid:83696154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833053)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.160.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833053/; classtype:trojan-activity;sid:83696153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833052)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.19.43.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833052/; classtype:trojan-activity;sid:83696152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833051)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.189.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833051/; classtype:trojan-activity;sid:83696151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833050)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.48.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833050/; classtype:trojan-activity;sid:83696150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833049)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"222.246.127.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833049/; classtype:trojan-activity;sid:83696149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833048)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.99.201.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833048/; classtype:trojan-activity;sid:83696148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833047)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.198.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833047/; classtype:trojan-activity;sid:83696147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833046)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.73.77.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833046/; classtype:trojan-activity;sid:83696146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833045)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.202.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833045/; classtype:trojan-activity;sid:83696145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833044)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.130.4.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833044/; classtype:trojan-activity;sid:83696144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833043)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.46.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833043/; classtype:trojan-activity;sid:83696143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833042)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.99.201.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833042/; classtype:trojan-activity;sid:83696142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833041)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.236.253.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833041/; classtype:trojan-activity;sid:83696141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833040)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.213.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833040/; classtype:trojan-activity;sid:83696140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833039)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/xvctw52mdihb"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"pasteio.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833039/; classtype:trojan-activity;sid:83696139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833038)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.192.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833038/; classtype:trojan-activity;sid:83696138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833037)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.149.94"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833037/; classtype:trojan-activity;sid:83696137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833036)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.117.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833036/; classtype:trojan-activity;sid:83696136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833034)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.125.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833034/; classtype:trojan-activity;sid:83696134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833035)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.248.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833035/; classtype:trojan-activity;sid:83696135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833033)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.46.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833033/; classtype:trojan-activity;sid:83696133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833032)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.236.253.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833032/; classtype:trojan-activity;sid:83696132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833031)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/xrpfnwoyjzqd"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"pasteio.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833031/; classtype:trojan-activity;sid:83696131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833030)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.202.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833030/; classtype:trojan-activity;sid:83696130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833028)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.109.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833028/; classtype:trojan-activity;sid:83696128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833029)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.74.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833029/; classtype:trojan-activity;sid:83696129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833027)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.163.148.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833027/; classtype:trojan-activity;sid:83696127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833026)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.187.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833026/; classtype:trojan-activity;sid:83696126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833024)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.34.140"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833024/; classtype:trojan-activity;sid:83696124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833025)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.110.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833025/; classtype:trojan-activity;sid:83696125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833023)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.185.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833023/; classtype:trojan-activity;sid:83696123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833022)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.192.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833022/; classtype:trojan-activity;sid:83696122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833021)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.144.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833021/; classtype:trojan-activity;sid:83696121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833019)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.27.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833019/; classtype:trojan-activity;sid:83696119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833020)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.40.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833020/; classtype:trojan-activity;sid:83696120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833018)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.229.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833018/; classtype:trojan-activity;sid:83696118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833017)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.150.196"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833017/; classtype:trojan-activity;sid:83696117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833016)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.194.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833016/; classtype:trojan-activity;sid:83696116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833015)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.125.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833015/; classtype:trojan-activity;sid:83696115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833014)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.30.75.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833014/; classtype:trojan-activity;sid:83696114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833013)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.74.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833013/; classtype:trojan-activity;sid:83696113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833012)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.52.212"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833012/; classtype:trojan-activity;sid:83696112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833011)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.248.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833011/; classtype:trojan-activity;sid:83696111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833010)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.109.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833010/; classtype:trojan-activity;sid:83696110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833009)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.211.70.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833009/; classtype:trojan-activity;sid:83696109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833008)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.187.226.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833008/; classtype:trojan-activity;sid:83696108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833007)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.207.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833007/; classtype:trojan-activity;sid:83696107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833006)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.163.148.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833006/; classtype:trojan-activity;sid:83696106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833005)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.52.212"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833005/; classtype:trojan-activity;sid:83696105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833004)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.34.140"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833004/; classtype:trojan-activity;sid:83696104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833003)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.146.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833003/; classtype:trojan-activity;sid:83696103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833002)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.4.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833002/; classtype:trojan-activity;sid:83696102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833001)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.53.241.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833001/; classtype:trojan-activity;sid:83696101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2833000)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.218.109"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2833000/; classtype:trojan-activity;sid:83696100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832999)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.226.48.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832999/; classtype:trojan-activity;sid:83696099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832998)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.130.116"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832998/; classtype:trojan-activity;sid:83696098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832997)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.122.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832997/; classtype:trojan-activity;sid:83696097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832996)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.214.149.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832996/; classtype:trojan-activity;sid:83696096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832995)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.40.157.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832995/; classtype:trojan-activity;sid:83696095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832994)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.23.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832994/; classtype:trojan-activity;sid:83696094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832993)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.4.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832993/; classtype:trojan-activity;sid:83696093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832992)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.83.247.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832992/; classtype:trojan-activity;sid:83696092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832991)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.241.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832991/; classtype:trojan-activity;sid:83696091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832990)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.65.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832990/; classtype:trojan-activity;sid:83696090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832989)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.19.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832989/; classtype:trojan-activity;sid:83696089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832988)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.121.83.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832988/; classtype:trojan-activity;sid:83696088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832987)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.100.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832987/; classtype:trojan-activity;sid:83696087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832986)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.122.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832986/; classtype:trojan-activity;sid:83696086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832985)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.214.149.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832985/; classtype:trojan-activity;sid:83696085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832984)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.246.208.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832984/; classtype:trojan-activity;sid:83696084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832983)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.23.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832983/; classtype:trojan-activity;sid:83696083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832982)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.40.157.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832982/; classtype:trojan-activity;sid:83696082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832981)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.207.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832981/; classtype:trojan-activity;sid:83696081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832980)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.65.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832980/; classtype:trojan-activity;sid:83696080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832979)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.21.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832979/; classtype:trojan-activity;sid:83696079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832978)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.19.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832978/; classtype:trojan-activity;sid:83696078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832977)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.100.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832977/; classtype:trojan-activity;sid:83696077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832976)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.201.88.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832976/; classtype:trojan-activity;sid:83696076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832975)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.139.178.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832975/; classtype:trojan-activity;sid:83696075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832974)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.204.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832974/; classtype:trojan-activity;sid:83696074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832973)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.244.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832973/; classtype:trojan-activity;sid:83696073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832972)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.197.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832972/; classtype:trojan-activity;sid:83696072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832971)"; flow:established,from_client; content:"GET"; http_method; content:"/get/10fgrm/realtekmonitor.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"transfer.adttemp.com.br"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832971/; classtype:trojan-activity;sid:83696071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832970)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.88.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832970/; classtype:trojan-activity;sid:83696070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832969)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.180.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832969/; classtype:trojan-activity;sid:83696069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832968)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.207.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832968/; classtype:trojan-activity;sid:83696068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832967)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.88.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832967/; classtype:trojan-activity;sid:83696067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832966)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.21.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832966/; classtype:trojan-activity;sid:83696066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832965)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.111.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832965/; classtype:trojan-activity;sid:83696065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832964)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.171.253.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832964/; classtype:trojan-activity;sid:83696064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832963)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.248.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832963/; classtype:trojan-activity;sid:83696063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832962)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.18.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832962/; classtype:trojan-activity;sid:83696062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832961)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.197.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832961/; classtype:trojan-activity;sid:83696061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832960)"; flow:established,from_client; content:"GET"; http_method; content:"/tpvmey.7z"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"files.catbox.moe"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832960/; classtype:trojan-activity;sid:83696060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832959)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.5.133"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832959/; classtype:trojan-activity;sid:83696059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832958)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.202.18.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832958/; classtype:trojan-activity;sid:83696058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832956)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.202.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832956/; classtype:trojan-activity;sid:83696056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832957)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.25.183.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832957/; classtype:trojan-activity;sid:83696057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832955)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.214.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832955/; classtype:trojan-activity;sid:83696055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832954)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.207.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832954/; classtype:trojan-activity;sid:83696054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832953)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.103.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832953/; classtype:trojan-activity;sid:83696053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832952)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.188.146.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832952/; classtype:trojan-activity;sid:83696052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832951)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.67.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832951/; classtype:trojan-activity;sid:83696051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832950)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.62.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832950/; classtype:trojan-activity;sid:83696050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832949)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.202.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832949/; classtype:trojan-activity;sid:83696049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832948)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.67.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832948/; classtype:trojan-activity;sid:83696048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832947)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.197.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832947/; classtype:trojan-activity;sid:83696047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832946)"; flow:established,from_client; content:"GET"; http_method; content:"/op.scr"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"covid19help.top"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832946/; classtype:trojan-activity;sid:83696046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832945)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"92.154.92.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832945/; classtype:trojan-activity;sid:83696045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832944)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.25.183.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832944/; classtype:trojan-activity;sid:83696044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832943)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.68.189"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832943/; classtype:trojan-activity;sid:83696043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832942)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.61.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832942/; classtype:trojan-activity;sid:83696042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832941)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.62.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832941/; classtype:trojan-activity;sid:83696041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832940)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.232.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832940/; classtype:trojan-activity;sid:83696040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832939)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.40.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832939/; classtype:trojan-activity;sid:83696039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832938)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.193.120.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832938/; classtype:trojan-activity;sid:83696038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832937)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.187.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832937/; classtype:trojan-activity;sid:83696037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832936)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.68.189"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832936/; classtype:trojan-activity;sid:83696036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832935)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.14.191.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832935/; classtype:trojan-activity;sid:83696035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832934)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.122.239.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832934/; classtype:trojan-activity;sid:83696034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832933)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.29.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832933/; classtype:trojan-activity;sid:83696033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832930)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.72.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832930/; classtype:trojan-activity;sid:83696030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832931)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.169.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832931/; classtype:trojan-activity;sid:83696031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832932)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.175.157.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832932/; classtype:trojan-activity;sid:83696032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832929)"; flow:established,from_client; content:"GET"; http_method; content:"/static/aqua.mips"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"94.156.8.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832929/; classtype:trojan-activity;sid:83696029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832926)"; flow:established,from_client; content:"GET"; http_method; content:"/static/aqua.arm6"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"94.156.8.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832926/; classtype:trojan-activity;sid:83696026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832927)"; flow:established,from_client; content:"GET"; http_method; content:"/static/aqua.arm5"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"94.156.8.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832927/; classtype:trojan-activity;sid:83696027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832928)"; flow:established,from_client; content:"GET"; http_method; content:"/static/no_killer/aqua.mips"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"94.156.8.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832928/; classtype:trojan-activity;sid:83696028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832922)"; flow:established,from_client; content:"GET"; http_method; content:"/static/no_killer/aqua.ppc"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"94.156.8.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832922/; classtype:trojan-activity;sid:83696022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832923)"; flow:established,from_client; content:"GET"; http_method; content:"/static/aqua.mpsl"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"94.156.8.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832923/; classtype:trojan-activity;sid:83696023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832924)"; flow:established,from_client; content:"GET"; http_method; content:"/static/no_killer/aqua.sh4"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"94.156.8.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832924/; classtype:trojan-activity;sid:83696024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832925)"; flow:established,from_client; content:"GET"; http_method; content:"/static/no_killer/aqua.arm4"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"94.156.8.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832925/; classtype:trojan-activity;sid:83696025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832920)"; flow:established,from_client; content:"GET"; http_method; content:"/static/aqua.ppc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"94.156.8.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832920/; classtype:trojan-activity;sid:83696020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832921)"; flow:established,from_client; content:"GET"; http_method; content:"/static/no_killer/aqua.arm7"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"94.156.8.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832921/; classtype:trojan-activity;sid:83696021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832919)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.61.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832919/; classtype:trojan-activity;sid:83696019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832915)"; flow:established,from_client; content:"GET"; http_method; content:"/static/aqua.i686"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"94.156.8.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832915/; classtype:trojan-activity;sid:83696015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832916)"; flow:established,from_client; content:"GET"; http_method; content:"/static/no_killer/aqua.arm5"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"94.156.8.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832916/; classtype:trojan-activity;sid:83696016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832917)"; flow:established,from_client; content:"GET"; http_method; content:"/static/no_killer/aqua.x86"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"94.156.8.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832917/; classtype:trojan-activity;sid:83696017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832918)"; flow:established,from_client; content:"GET"; http_method; content:"/static/no_killer/aqua.i686"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"94.156.8.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832918/; classtype:trojan-activity;sid:83696018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832911)"; flow:established,from_client; content:"GET"; http_method; content:"/static/aqua.m68k"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"94.156.8.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832911/; classtype:trojan-activity;sid:83696011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832912)"; flow:established,from_client; content:"GET"; http_method; content:"/static/aqua.sh4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"94.156.8.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832912/; classtype:trojan-activity;sid:83696012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832913)"; flow:established,from_client; content:"GET"; http_method; content:"/static/no_killer/aqua.m68k"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"94.156.8.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832913/; classtype:trojan-activity;sid:83696013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832914)"; flow:established,from_client; content:"GET"; http_method; content:"/static/no_killer/aqua.arm6"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"94.156.8.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832914/; classtype:trojan-activity;sid:83696014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832908)"; flow:established,from_client; content:"GET"; http_method; content:"/static/no_killer/aqua.mpsl"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"94.156.8.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832908/; classtype:trojan-activity;sid:83696008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832909)"; flow:established,from_client; content:"GET"; http_method; content:"/static/aqua.arm4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"94.156.8.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832909/; classtype:trojan-activity;sid:83696009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832910)"; flow:established,from_client; content:"GET"; http_method; content:"/static/aqua.arm7"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"94.156.8.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832910/; classtype:trojan-activity;sid:83696010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832907)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.45.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832907/; classtype:trojan-activity;sid:83696007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832905)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.25.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832905/; classtype:trojan-activity;sid:83696005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832906)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.170.49.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832906/; classtype:trojan-activity;sid:83696006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832904)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.110.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832904/; classtype:trojan-activity;sid:83696004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832902)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.187.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832902/; classtype:trojan-activity;sid:83696002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832903)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.193.120.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832903/; classtype:trojan-activity;sid:83696003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832901)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.192.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832901/; classtype:trojan-activity;sid:83696001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832900)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.81.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832900/; classtype:trojan-activity;sid:83696000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832899)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"91.92.254.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832899/; classtype:trojan-activity;sid:83695999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832898)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.142.112.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832898/; classtype:trojan-activity;sid:83695998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832895)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.spc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"91.92.254.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832895/; classtype:trojan-activity;sid:83695995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832896)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"91.92.254.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832896/; classtype:trojan-activity;sid:83695996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832897)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"91.92.254.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832897/; classtype:trojan-activity;sid:83695997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832887)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"91.92.254.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832887/; classtype:trojan-activity;sid:83695987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832888)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"91.92.254.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832888/; classtype:trojan-activity;sid:83695988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832889)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"91.92.254.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832889/; classtype:trojan-activity;sid:83695989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832890)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"91.92.254.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832890/; classtype:trojan-activity;sid:83695990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832891)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"91.92.254.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832891/; classtype:trojan-activity;sid:83695991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832892)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"91.92.254.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832892/; classtype:trojan-activity;sid:83695992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832893)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"91.92.254.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832893/; classtype:trojan-activity;sid:83695993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832894)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"91.92.254.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832894/; classtype:trojan-activity;sid:83695994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832886)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"154.44.30.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832886/; classtype:trojan-activity;sid:83695986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832873)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.spc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.196.9.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832873/; classtype:trojan-activity;sid:83695973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832874)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.mpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.196.9.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832874/; classtype:trojan-activity;sid:83695974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832875)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.arm4t"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.196.9.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832875/; classtype:trojan-activity;sid:83695975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832876)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.m68"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.196.9.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832876/; classtype:trojan-activity;sid:83695976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832877)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.sh4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.196.9.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832877/; classtype:trojan-activity;sid:83695977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832878)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.arm4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.196.9.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832878/; classtype:trojan-activity;sid:83695978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832879)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.x86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.196.9.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832879/; classtype:trojan-activity;sid:83695979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832880)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.arm5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.196.9.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832880/; classtype:trojan-activity;sid:83695980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832881)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.ppc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.196.9.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832881/; classtype:trojan-activity;sid:83695981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832882)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.arm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.196.9.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832882/; classtype:trojan-activity;sid:83695982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832883)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.196.9.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832883/; classtype:trojan-activity;sid:83695983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832884)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.arm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.196.9.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832884/; classtype:trojan-activity;sid:83695984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832885)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.i686"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.196.9.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832885/; classtype:trojan-activity;sid:83695985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832872)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.102.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832872/; classtype:trojan-activity;sid:83695972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832871)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.238.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832871/; classtype:trojan-activity;sid:83695971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832870)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.211.70.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832870/; classtype:trojan-activity;sid:83695970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832869)"; flow:established,from_client; content:"GET"; http_method; content:"/download/return-of-space-setup.rar"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"returnofspace.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832869/; classtype:trojan-activity;sid:83695969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832865)"; flow:established,from_client; content:"GET"; http_method; content:"/d32e011d2eaa85a0/mozglue.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"shaffatta.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832865/; classtype:trojan-activity;sid:83695965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832866)"; flow:established,from_client; content:"GET"; http_method; content:"/d32e011d2eaa85a0/softokn3.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"shaffatta.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832866/; classtype:trojan-activity;sid:83695966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832867)"; flow:established,from_client; content:"GET"; http_method; content:"/d32e011d2eaa85a0/nss3.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"shaffatta.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832867/; classtype:trojan-activity;sid:83695967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832868)"; flow:established,from_client; content:"GET"; http_method; content:"/d32e011d2eaa85a0/sqlite3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"shaffatta.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832868/; classtype:trojan-activity;sid:83695968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832862)"; flow:established,from_client; content:"GET"; http_method; content:"/d32e011d2eaa85a0/vcruntime140.dll"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"shaffatta.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832862/; classtype:trojan-activity;sid:83695962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832863)"; flow:established,from_client; content:"GET"; http_method; content:"/d32e011d2eaa85a0/freebl3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"shaffatta.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832863/; classtype:trojan-activity;sid:83695963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832864)"; flow:established,from_client; content:"GET"; http_method; content:"/d32e011d2eaa85a0/msvcp140.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"shaffatta.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832864/; classtype:trojan-activity;sid:83695964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832861)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.232.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832861/; classtype:trojan-activity;sid:83695961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832860)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.183.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832860/; classtype:trojan-activity;sid:83695960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832858)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.81.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832858/; classtype:trojan-activity;sid:83695958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832859)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.110.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832859/; classtype:trojan-activity;sid:83695959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832857)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.172.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832857/; classtype:trojan-activity;sid:83695957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832856)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.130.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832856/; classtype:trojan-activity;sid:83695956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832855)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.200.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832855/; classtype:trojan-activity;sid:83695955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832854)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.201.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832854/; classtype:trojan-activity;sid:83695954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832853)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.213.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832853/; classtype:trojan-activity;sid:83695953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832852)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.221.58.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832852/; classtype:trojan-activity;sid:83695952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832851)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.36.148.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832851/; classtype:trojan-activity;sid:83695951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832850)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.243.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832850/; classtype:trojan-activity;sid:83695950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832849)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.214.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832849/; classtype:trojan-activity;sid:83695949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832848)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.238.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832848/; classtype:trojan-activity;sid:83695948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832847)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.183.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832847/; classtype:trojan-activity;sid:83695947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832846)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.143.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832846/; classtype:trojan-activity;sid:83695946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832845)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.207.72.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832845/; classtype:trojan-activity;sid:83695945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832844)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"195.158.6.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832844/; classtype:trojan-activity;sid:83695944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832843)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.72.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832843/; classtype:trojan-activity;sid:83695943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832842)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.118.243.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832842/; classtype:trojan-activity;sid:83695942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832841)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.47.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832841/; classtype:trojan-activity;sid:83695941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832840)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.40.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832840/; classtype:trojan-activity;sid:83695940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832839)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.152.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832839/; classtype:trojan-activity;sid:83695939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832838)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.198.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832838/; classtype:trojan-activity;sid:83695938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832837)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.55.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832837/; classtype:trojan-activity;sid:83695937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832836)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.123.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832836/; classtype:trojan-activity;sid:83695936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832835)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.243.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832835/; classtype:trojan-activity;sid:83695935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832834)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.252.201.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832834/; classtype:trojan-activity;sid:83695934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832833)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.175.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832833/; classtype:trojan-activity;sid:83695933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832832)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.193.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832832/; classtype:trojan-activity;sid:83695932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832831)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.30.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832831/; classtype:trojan-activity;sid:83695931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832830)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.63.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832830/; classtype:trojan-activity;sid:83695930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832829)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72.70.180.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832829/; classtype:trojan-activity;sid:83695929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832828)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.146.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832828/; classtype:trojan-activity;sid:83695928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832827)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.189.21.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832827/; classtype:trojan-activity;sid:83695927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832826)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.107.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832826/; classtype:trojan-activity;sid:83695926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832825)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.214.8.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832825/; classtype:trojan-activity;sid:83695925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832824)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.194.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832824/; classtype:trojan-activity;sid:83695924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832823)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.30.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832823/; classtype:trojan-activity;sid:83695923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832822)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.143.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832822/; classtype:trojan-activity;sid:83695922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832821)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.143.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832821/; classtype:trojan-activity;sid:83695921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832820)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.194.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832820/; classtype:trojan-activity;sid:83695920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832819)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.48.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832819/; classtype:trojan-activity;sid:83695919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832818)"; flow:established,from_client; content:"GET"; http_method; content:"/static/aqua.x86"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"94.156.8.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832818/; classtype:trojan-activity;sid:83695918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832817)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.146.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832817/; classtype:trojan-activity;sid:83695917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832816)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.107.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832816/; classtype:trojan-activity;sid:83695916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832815)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.113.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832815/; classtype:trojan-activity;sid:83695915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832813)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.55.153.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832813/; classtype:trojan-activity;sid:83695913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832814)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.103.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832814/; classtype:trojan-activity;sid:83695914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832812)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.62.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832812/; classtype:trojan-activity;sid:83695912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832811)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.103.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832811/; classtype:trojan-activity;sid:83695911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832810)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.214.8.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832810/; classtype:trojan-activity;sid:83695910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832809)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.90.13.14"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832809/; classtype:trojan-activity;sid:83695909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832808)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.90.13.14"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832808/; classtype:trojan-activity;sid:83695908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832807)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.88.168"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832807/; classtype:trojan-activity;sid:83695907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832806)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.73.134.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832806/; classtype:trojan-activity;sid:83695906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832805)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.125.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832805/; classtype:trojan-activity;sid:83695905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832804)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.213.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832804/; classtype:trojan-activity;sid:83695904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832803)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/images/images/im/im.png"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"totalhorsehealth.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832803/; classtype:trojan-activity;sid:83695903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832801)"; flow:established,from_client; content:"GET"; http_method; content:"/d/bgcbt"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"paste.ee"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832801/; classtype:trojan-activity;sid:83695901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832802)"; flow:established,from_client; content:"GET"; http_method; content:"/90811/btrkc/fishermansaidyouaremyloverbecauseitrulyloveyoufromtheheartmysweetheartmysweetkissyouaremybeautifulwomen___ialwaysrememberyoumorethananyone.doc"; http_uri; depth:155; isdataat:!1,relative; nocase; content:"107.175.242.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832802/; classtype:trojan-activity;sid:83695902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832800)"; flow:established,from_client; content:"GET"; http_method; content:"/d/yrhcu"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"paste.ee"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832800/; classtype:trojan-activity;sid:83695900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832798)"; flow:established,from_client; content:"GET"; http_method; content:"/90811/btkbc.txt"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"107.175.242.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832798/; classtype:trojan-activity;sid:83695898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832799)"; flow:established,from_client; content:"GET"; http_method; content:"/5010/htc.txt"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"107.172.31.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832799/; classtype:trojan-activity;sid:83695899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832796)"; flow:established,from_client; content:"GET"; http_method; content:"/5010/frg/wedesingedfisherboattounderstanditsaworthfulthingstogetherbacksheisverybeatufiulgirlfrommyheartsheisgirl___womenslverkssinglipher.doc"; http_uri; depth:143; isdataat:!1,relative; nocase; content:"107.172.31.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832796/; classtype:trojan-activity;sid:83695896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832797)"; flow:established,from_client; content:"GET"; http_method; content:"/5010/imagefishermankissinggirl.gif"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"107.172.31.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832797/; classtype:trojan-activity;sid:83695897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832795)"; flow:established,from_client; content:"GET"; http_method; content:"/90811/imageofthefishermankiss.gif"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"107.175.242.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832795/; classtype:trojan-activity;sid:83695895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832794)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1tkxxasl5dupxj37ckia7dyw5erlqvs5y"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832794/; classtype:trojan-activity;sid:83695894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832789)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1afghykq7_aq3qcyfa2vxbtkf4nvabj4j"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832789/; classtype:trojan-activity;sid:83695889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832790)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1y9cw9u7xzybxxpdoyvxuosfdoia2aa6v"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832790/; classtype:trojan-activity;sid:83695890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832791)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1p6ucnuojwjyctbi8jjum7gxws1dlljr7"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832791/; classtype:trojan-activity;sid:83695891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832792)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1efqf-jaxwxyykshdiv_an0kdtcot5aqo"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832792/; classtype:trojan-activity;sid:83695892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832793)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1lsdxum_3bepf51r3sbcin3vdiwcz_oni"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832793/; classtype:trojan-activity;sid:83695893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832788)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.16.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832788/; classtype:trojan-activity;sid:83695888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832787)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.103.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832787/; classtype:trojan-activity;sid:83695887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832786)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.90.160.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832786/; classtype:trojan-activity;sid:83695886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832785)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.194.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832785/; classtype:trojan-activity;sid:83695885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832784)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.73.242.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832784/; classtype:trojan-activity;sid:83695884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832783)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.94.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832783/; classtype:trojan-activity;sid:83695883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832782)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.113.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832782/; classtype:trojan-activity;sid:83695882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832781)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.79.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832781/; classtype:trojan-activity;sid:83695881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832780)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.125.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832780/; classtype:trojan-activity;sid:83695880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832779)"; flow:established,from_client; content:"GET"; http_method; content:"/doc5294803_669123201|3f|hash=xdcpjelzxewo4kztohuqemvckwzlhqqzbjyb5ykd2jc|7c|26|7c|dl=coyly32azwrawiuav6lvf1kvnbsjshxc1w6esy9lvxc|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832779/; classtype:trojan-activity;sid:83695879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832778)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.12.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832778/; classtype:trojan-activity;sid:83695878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832777)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.193.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832777/; classtype:trojan-activity;sid:83695877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832776)"; flow:established,from_client; content:"GET"; http_method; content:"/uigclhxyeyyhi246.bin"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"67.203.7.154"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832776/; classtype:trojan-activity;sid:83695876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832775)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.73.242.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832775/; classtype:trojan-activity;sid:83695875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832774)"; flow:established,from_client; content:"GET"; http_method; content:"/ex.bin"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ralucamihaela.ro"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832774/; classtype:trojan-activity;sid:83695874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832773)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.48.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832773/; classtype:trojan-activity;sid:83695873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832771)"; flow:established,from_client; content:"GET"; http_method; content:"/gr1.bin"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ralucamihaela.ro"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832771/; classtype:trojan-activity;sid:83695871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832772)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.16.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832772/; classtype:trojan-activity;sid:83695872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832770)"; flow:established,from_client; content:"GET"; http_method; content:"/gr.bin"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ralucamihaela.ro"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832770/; classtype:trojan-activity;sid:83695870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832767)"; flow:established,from_client; content:"GET"; http_method; content:"/gdningsopbevaringsanlggene.pfb"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.121.105.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832767/; classtype:trojan-activity;sid:83695867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832768)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.90.160.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832768/; classtype:trojan-activity;sid:83695868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832769)"; flow:established,from_client; content:"GET"; http_method; content:"/azhfsrgnnmsdgahiuwb214.bin"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.121.105.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832769/; classtype:trojan-activity;sid:83695869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832766)"; flow:established,from_client; content:"GET"; http_method; content:"/uqqmlftcausvpgkzz168.bin"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"193.239.86.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832766/; classtype:trojan-activity;sid:83695866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832765)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.178.188.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832765/; classtype:trojan-activity;sid:83695865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832764)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.65.35"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832764/; classtype:trojan-activity;sid:83695864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832763)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.194.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832763/; classtype:trojan-activity;sid:83695863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832762)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.125.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832762/; classtype:trojan-activity;sid:83695862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832761)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.0.117.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832761/; classtype:trojan-activity;sid:83695861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832760)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.219.85.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832760/; classtype:trojan-activity;sid:83695860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832759)"; flow:established,from_client; content:"GET"; http_method; content:"/acrobatreaderpro.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.81.29.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832759/; classtype:trojan-activity;sid:83695859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832758)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.181.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832758/; classtype:trojan-activity;sid:83695858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832757)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.149.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832757/; classtype:trojan-activity;sid:83695857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832755)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.255.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832755/; classtype:trojan-activity;sid:83695855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832756)"; flow:established,from_client; content:"GET"; http_method; content:"/lend/jfesawdr.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"193.233.132.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832756/; classtype:trojan-activity;sid:83695856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832754)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.189.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832754/; classtype:trojan-activity;sid:83695854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832753)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.188.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832753/; classtype:trojan-activity;sid:83695853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832752)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.159.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832752/; classtype:trojan-activity;sid:83695852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832751)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.182.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832751/; classtype:trojan-activity;sid:83695851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832750)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.34.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832750/; classtype:trojan-activity;sid:83695850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832749)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.92.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832749/; classtype:trojan-activity;sid:83695849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832748)"; flow:established,from_client; content:"GET"; http_method; content:"/doc5294803_669119231|3f|hash=96vtdhhgsbnei9sei0lnjmid4wbfmsjn56lhcfutlwh|7c|26|7c|dl=ewxebzefbe7eittyrwkloemkj3rn9f1w896khygvlwk|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832748/; classtype:trojan-activity;sid:83695848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832747)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.30.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832747/; classtype:trojan-activity;sid:83695847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832746)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.83.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832746/; classtype:trojan-activity;sid:83695846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832745)"; flow:established,from_client; content:"GET"; http_method; content:"/pl.bin"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"ralucamihaela.ro"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832745/; classtype:trojan-activity;sid:83695845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832744)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.85.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832744/; classtype:trojan-activity;sid:83695844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832743)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.50.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832743/; classtype:trojan-activity;sid:83695843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832742)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.114.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832742/; classtype:trojan-activity;sid:83695842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832741)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.159.62.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832741/; classtype:trojan-activity;sid:83695841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832740)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.53.42.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832740/; classtype:trojan-activity;sid:83695840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832739)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.231.121.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832739/; classtype:trojan-activity;sid:83695839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832738)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.137.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832738/; classtype:trojan-activity;sid:83695838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832737)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.13.151.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832737/; classtype:trojan-activity;sid:83695837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832736)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.5.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832736/; classtype:trojan-activity;sid:83695836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832735)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.231.121.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832735/; classtype:trojan-activity;sid:83695835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832734)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.131.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832734/; classtype:trojan-activity;sid:83695834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832733)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.182.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832733/; classtype:trojan-activity;sid:83695833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832732)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.150.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832732/; classtype:trojan-activity;sid:83695832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832731)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.92.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832731/; classtype:trojan-activity;sid:83695831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832730)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.204.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832730/; classtype:trojan-activity;sid:83695830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832729)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.250.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832729/; classtype:trojan-activity;sid:83695829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832728)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.89.216.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832728/; classtype:trojan-activity;sid:83695828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832727)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.201.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832727/; classtype:trojan-activity;sid:83695827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832726)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.45.134.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832726/; classtype:trojan-activity;sid:83695826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832725)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.217.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832725/; classtype:trojan-activity;sid:83695825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832724)"; flow:established,from_client; content:"GET"; http_method; content:"/calitatex/nloniqwpmhahokeszhprtm43.bin"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"absorbante-calitate.ro"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832724/; classtype:trojan-activity;sid:83695824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832723)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.70.25.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832723/; classtype:trojan-activity;sid:83695823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832722)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.204.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832722/; classtype:trojan-activity;sid:83695822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832720)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.146.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832720/; classtype:trojan-activity;sid:83695820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832721)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.171.253.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832721/; classtype:trojan-activity;sid:83695821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832719)"; flow:established,from_client; content:"GET"; http_method; content:"/twvvmophe254.bin"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"87.121.105.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832719/; classtype:trojan-activity;sid:83695819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832718)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.239.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832718/; classtype:trojan-activity;sid:83695818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832716)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.203.132.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832716/; classtype:trojan-activity;sid:83695816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832717)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.86.104"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832717/; classtype:trojan-activity;sid:83695817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832714)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.210.217.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832714/; classtype:trojan-activity;sid:83695814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832715)"; flow:established,from_client; content:"GET"; http_method; content:"/isetup4.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.172.128.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832715/; classtype:trojan-activity;sid:83695815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832713)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.203.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832713/; classtype:trojan-activity;sid:83695813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832712)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.6.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832712/; classtype:trojan-activity;sid:83695812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832710)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.151.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832710/; classtype:trojan-activity;sid:83695810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832711)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.175.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832711/; classtype:trojan-activity;sid:83695811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832708)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.177.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832708/; classtype:trojan-activity;sid:83695808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832709)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.60.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832709/; classtype:trojan-activity;sid:83695809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832707)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.13.151.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832707/; classtype:trojan-activity;sid:83695807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832706)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.33.84.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832706/; classtype:trojan-activity;sid:83695806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832705)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.131.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832705/; classtype:trojan-activity;sid:83695805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832704)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.88.129.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832704/; classtype:trojan-activity;sid:83695804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832703)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.217.184.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832703/; classtype:trojan-activity;sid:83695803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832702)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.201.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832702/; classtype:trojan-activity;sid:83695802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832701)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.5.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832701/; classtype:trojan-activity;sid:83695801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832700)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.70.25.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832700/; classtype:trojan-activity;sid:83695800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832699)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.189.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832699/; classtype:trojan-activity;sid:83695799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832698)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.38.195.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832698/; classtype:trojan-activity;sid:83695798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832696)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herioscheats.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832696/; classtype:trojan-activity;sid:83695796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832697)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"herioscheats.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832697/; classtype:trojan-activity;sid:83695797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832687)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herioscheats.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832687/; classtype:trojan-activity;sid:83695787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832688)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"herioscheats.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832688/; classtype:trojan-activity;sid:83695788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832689)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"herioscheats.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832689/; classtype:trojan-activity;sid:83695789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832690)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herioscheats.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832690/; classtype:trojan-activity;sid:83695790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832691)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herioscheats.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832691/; classtype:trojan-activity;sid:83695791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832692)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"herioscheats.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832692/; classtype:trojan-activity;sid:83695792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832693)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"herioscheats.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832693/; classtype:trojan-activity;sid:83695793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832694)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"herioscheats.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832694/; classtype:trojan-activity;sid:83695794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832695)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"herioscheats.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832695/; classtype:trojan-activity;sid:83695795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832686)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.71.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832686/; classtype:trojan-activity;sid:83695786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832685)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.117.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832685/; classtype:trojan-activity;sid:83695785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832680)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"94.156.79.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832680/; classtype:trojan-activity;sid:83695780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832681)"; flow:established,from_client; content:"GET"; http_method; content:"/a/splash.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"94.156.79.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832681/; classtype:trojan-activity;sid:83695781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832682)"; flow:established,from_client; content:"GET"; http_method; content:"/a/wget.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.79.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832682/; classtype:trojan-activity;sid:83695782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832683)"; flow:established,from_client; content:"GET"; http_method; content:"/a/g"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"94.156.79.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832683/; classtype:trojan-activity;sid:83695783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832684)"; flow:established,from_client; content:"GET"; http_method; content:"/a/l"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"94.156.79.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832684/; classtype:trojan-activity;sid:83695784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832676)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"xkoic3y.dekma-gay.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832676/; classtype:trojan-activity;sid:83695776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832677)"; flow:established,from_client; content:"GET"; http_method; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.mips"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"xkoic3y.dekma-gay.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832677/; classtype:trojan-activity;sid:83695777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832678)"; flow:established,from_client; content:"GET"; http_method; content:"/0xh0roxxnavebusyoo.x86"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"xkoic3y.dekma-gay.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832678/; classtype:trojan-activity;sid:83695778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832679)"; flow:established,from_client; content:"GET"; http_method; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.i686"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"xkoic3y.dekma-gay.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832679/; classtype:trojan-activity;sid:83695779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832674)"; flow:established,from_client; content:"GET"; http_method; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.i586"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"xkoic3y.dekma-gay.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832674/; classtype:trojan-activity;sid:83695774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832675)"; flow:established,from_client; content:"GET"; http_method; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.i486"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"xkoic3y.dekma-gay.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832675/; classtype:trojan-activity;sid:83695775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832673)"; flow:established,from_client; content:"GET"; http_method; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.arm6"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"xkoic3y.dekma-gay.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832673/; classtype:trojan-activity;sid:83695773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832670)"; flow:established,from_client; content:"GET"; http_method; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.x86"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"xkoic3y.dekma-gay.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832670/; classtype:trojan-activity;sid:83695770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832671)"; flow:established,from_client; content:"GET"; http_method; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.arc"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"xkoic3y.dekma-gay.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832671/; classtype:trojan-activity;sid:83695771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832672)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kowai.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"xkoic3y.dekma-gay.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832672/; classtype:trojan-activity;sid:83695772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832663)"; flow:established,from_client; content:"GET"; http_method; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.spc"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"xkoic3y.dekma-gay.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832663/; classtype:trojan-activity;sid:83695763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832664)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"xkoic3y.dekma-gay.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832664/; classtype:trojan-activity;sid:83695764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832665)"; flow:established,from_client; content:"GET"; http_method; content:"/a/l"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"xkoic3y.dekma-gay.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832665/; classtype:trojan-activity;sid:83695765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832666)"; flow:established,from_client; content:"GET"; http_method; content:"/a/wget.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"xkoic3y.dekma-gay.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832666/; classtype:trojan-activity;sid:83695766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832667)"; flow:established,from_client; content:"GET"; http_method; content:"/a/splash.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"xkoic3y.dekma-gay.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832667/; classtype:trojan-activity;sid:83695767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832668)"; flow:established,from_client; content:"GET"; http_method; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.ppc"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"xkoic3y.dekma-gay.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832668/; classtype:trojan-activity;sid:83695768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832669)"; flow:established,from_client; content:"GET"; http_method; content:"/l"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"xkoic3y.dekma-gay.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832669/; classtype:trojan-activity;sid:83695769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832661)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"xkoic3y.dekma-gay.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832661/; classtype:trojan-activity;sid:83695761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832662)"; flow:established,from_client; content:"GET"; http_method; content:"/update.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"xkoic3y.dekma-gay.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832662/; classtype:trojan-activity;sid:83695762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832659)"; flow:established,from_client; content:"GET"; http_method; content:"/assailant.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"xkoic3y.dekma-gay.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832659/; classtype:trojan-activity;sid:83695759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832660)"; flow:established,from_client; content:"GET"; http_method; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.arm4"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"xkoic3y.dekma-gay.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832660/; classtype:trojan-activity;sid:83695760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832657)"; flow:established,from_client; content:"GET"; http_method; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.sh4"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"xkoic3y.dekma-gay.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832657/; classtype:trojan-activity;sid:83695757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832658)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"xkoic3y.dekma-gay.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832658/; classtype:trojan-activity;sid:83695758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832652)"; flow:established,from_client; content:"GET"; http_method; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.arm5"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"xkoic3y.dekma-gay.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832652/; classtype:trojan-activity;sid:83695752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832653)"; flow:established,from_client; content:"GET"; http_method; content:"/adb.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xkoic3y.dekma-gay.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832653/; classtype:trojan-activity;sid:83695753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832654)"; flow:established,from_client; content:"GET"; http_method; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.mpsl"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"xkoic3y.dekma-gay.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832654/; classtype:trojan-activity;sid:83695754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832655)"; flow:established,from_client; content:"GET"; http_method; content:"/a/b"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"xkoic3y.dekma-gay.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832655/; classtype:trojan-activity;sid:83695755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832656)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xkoic3y.dekma-gay.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832656/; classtype:trojan-activity;sid:83695756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832649)"; flow:established,from_client; content:"GET"; http_method; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.m68k"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"xkoic3y.dekma-gay.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832649/; classtype:trojan-activity;sid:83695749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832650)"; flow:established,from_client; content:"GET"; http_method; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.arm7"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"xkoic3y.dekma-gay.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832650/; classtype:trojan-activity;sid:83695750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832651)"; flow:established,from_client; content:"GET"; http_method; content:"/a/g"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"xkoic3y.dekma-gay.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832651/; classtype:trojan-activity;sid:83695751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832648)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"xkoic3y.dekma-gay.ru"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832648/; classtype:trojan-activity;sid:83695748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832646)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.59.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832646/; classtype:trojan-activity;sid:83695746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832647)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.164.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832647/; classtype:trojan-activity;sid:83695747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832645)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.64.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832645/; classtype:trojan-activity;sid:83695745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832644)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.32.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832644/; classtype:trojan-activity;sid:83695744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832643)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.217.184.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832643/; classtype:trojan-activity;sid:83695743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832642)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.188.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832642/; classtype:trojan-activity;sid:83695742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832641)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.21.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832641/; classtype:trojan-activity;sid:83695741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832640)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.60.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832640/; classtype:trojan-activity;sid:83695740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832639)"; flow:established,from_client; content:"GET"; http_method; content:"/shitload.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"twizt.net"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832639/; classtype:trojan-activity;sid:83695739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832638)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.48.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832638/; classtype:trojan-activity;sid:83695738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832637)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.189.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832637/; classtype:trojan-activity;sid:83695737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832636)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.8.93.228"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832636/; classtype:trojan-activity;sid:83695736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832634)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.127.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832634/; classtype:trojan-activity;sid:83695734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832635)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.36.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832635/; classtype:trojan-activity;sid:83695735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832633)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.38.195.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832633/; classtype:trojan-activity;sid:83695733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832632)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.78.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832632/; classtype:trojan-activity;sid:83695732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832631)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.46.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832631/; classtype:trojan-activity;sid:83695731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832630)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.62.115.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832630/; classtype:trojan-activity;sid:83695730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832629)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.81.207"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832629/; classtype:trojan-activity;sid:83695729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832627)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.37.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832627/; classtype:trojan-activity;sid:83695727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832628)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.66.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832628/; classtype:trojan-activity;sid:83695728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832626)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.93.228"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832626/; classtype:trojan-activity;sid:83695726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832625)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.229.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832625/; classtype:trojan-activity;sid:83695725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832624)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.36.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832624/; classtype:trojan-activity;sid:83695724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832623)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.59.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832623/; classtype:trojan-activity;sid:83695723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832622)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.164.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832622/; classtype:trojan-activity;sid:83695722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832621)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.127.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832621/; classtype:trojan-activity;sid:83695721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832620)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.210.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832620/; classtype:trojan-activity;sid:83695720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832619)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.214.107.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832619/; classtype:trojan-activity;sid:83695719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832618)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.133.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832618/; classtype:trojan-activity;sid:83695718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832617)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.225.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832617/; classtype:trojan-activity;sid:83695717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832616)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.129.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832616/; classtype:trojan-activity;sid:83695716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832615)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.115.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832615/; classtype:trojan-activity;sid:83695715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832614)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.206.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832614/; classtype:trojan-activity;sid:83695714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832613)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.90.150.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832613/; classtype:trojan-activity;sid:83695713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832612)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.201.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832612/; classtype:trojan-activity;sid:83695712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832611)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.196.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832611/; classtype:trojan-activity;sid:83695711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832610)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.182.150.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832610/; classtype:trojan-activity;sid:83695710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832609)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.196.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832609/; classtype:trojan-activity;sid:83695709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832608)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.195.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832608/; classtype:trojan-activity;sid:83695708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832607)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.202.67.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832607/; classtype:trojan-activity;sid:83695707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832606)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.197.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832606/; classtype:trojan-activity;sid:83695706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832605)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.181.48"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832605/; classtype:trojan-activity;sid:83695705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832603)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.185.254"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832603/; classtype:trojan-activity;sid:83695703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832604)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.237.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832604/; classtype:trojan-activity;sid:83695704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832602)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.206.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832602/; classtype:trojan-activity;sid:83695702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832596)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"kz.adolfhitler.su"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832596/; classtype:trojan-activity;sid:83695696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832597)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"bot.secure-network-rebirthltd.ru"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832597/; classtype:trojan-activity;sid:83695697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832598)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"kz.adolfhitler.su"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832598/; classtype:trojan-activity;sid:83695698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832599)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"security.rebirth-network.su"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832599/; classtype:trojan-activity;sid:83695699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832600)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"security.rebirth-network.su"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832600/; classtype:trojan-activity;sid:83695700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832601)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"bot.secure-network-rebirthltd.ru"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832601/; classtype:trojan-activity;sid:83695701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832582)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"security.rebirth-network.su"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832582/; classtype:trojan-activity;sid:83695682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832583)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"security.rebirth-network.su"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832583/; classtype:trojan-activity;sid:83695683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832584)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"kz.adolfhitler.su"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832584/; classtype:trojan-activity;sid:83695684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832585)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"security.secure-core-rebirthltd.su"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832585/; classtype:trojan-activity;sid:83695685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832586)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bot.secure-network-rebirthltd.ru"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832586/; classtype:trojan-activity;sid:83695686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832587)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"kz.adolfhitler.su"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832587/; classtype:trojan-activity;sid:83695687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832588)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"security.rebirth-network.su"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832588/; classtype:trojan-activity;sid:83695688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832589)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"bot.secure-network-rebirthltd.ru"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832589/; classtype:trojan-activity;sid:83695689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832590)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"security.secure-core-rebirthltd.su"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832590/; classtype:trojan-activity;sid:83695690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832591)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"kz.adolfhitler.su"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832591/; classtype:trojan-activity;sid:83695691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832592)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bot.secure-network-rebirthltd.ru"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832592/; classtype:trojan-activity;sid:83695692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832593)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"security.secure-core-rebirthltd.su"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832593/; classtype:trojan-activity;sid:83695693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832594)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"security.rebirth-network.su"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832594/; classtype:trojan-activity;sid:83695694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832595)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"security.secure-core-rebirthltd.su"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832595/; classtype:trojan-activity;sid:83695695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832573)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"kz.adolfhitler.su"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832573/; classtype:trojan-activity;sid:83695673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832574)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"kz.adolfhitler.su"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832574/; classtype:trojan-activity;sid:83695674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832575)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"security.secure-core-rebirthltd.su"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832575/; classtype:trojan-activity;sid:83695675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832576)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"kz.adolfhitler.su"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832576/; classtype:trojan-activity;sid:83695676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832577)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"security.secure-core-rebirthltd.su"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832577/; classtype:trojan-activity;sid:83695677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832578)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"kz.adolfhitler.su"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832578/; classtype:trojan-activity;sid:83695678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832579)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"security.secure-core-rebirthltd.su"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832579/; classtype:trojan-activity;sid:83695679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832580)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"bot.secure-network-rebirthltd.ru"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832580/; classtype:trojan-activity;sid:83695680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832581)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"bot.secure-network-rebirthltd.ru"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832581/; classtype:trojan-activity;sid:83695681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832566)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"bot.secure-network-rebirthltd.ru"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832566/; classtype:trojan-activity;sid:83695666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832567)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"bot.secure-network-rebirthltd.ru"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832567/; classtype:trojan-activity;sid:83695667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832568)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"kz.adolfhitler.su"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832568/; classtype:trojan-activity;sid:83695668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832569)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"kz.adolfhitler.su"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832569/; classtype:trojan-activity;sid:83695669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832570)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"kz.adolfhitler.su"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832570/; classtype:trojan-activity;sid:83695670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832571)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"security.secure-core-rebirthltd.su"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832571/; classtype:trojan-activity;sid:83695671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832572)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"security.secure-core-rebirthltd.su"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832572/; classtype:trojan-activity;sid:83695672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832557)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"security.rebirth-network.su"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832557/; classtype:trojan-activity;sid:83695657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832558)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"bot.secure-network-rebirthltd.ru"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832558/; classtype:trojan-activity;sid:83695658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832559)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"security.rebirth-network.su"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832559/; classtype:trojan-activity;sid:83695659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832560)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"security.rebirth-network.su"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832560/; classtype:trojan-activity;sid:83695660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832561)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"bot.secure-network-rebirthltd.ru"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832561/; classtype:trojan-activity;sid:83695661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832562)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"security.rebirth-network.su"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832562/; classtype:trojan-activity;sid:83695662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832563)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"security.secure-core-rebirthltd.su"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832563/; classtype:trojan-activity;sid:83695663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832564)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"security.rebirth-network.su"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832564/; classtype:trojan-activity;sid:83695664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832565)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"security.secure-core-rebirthltd.su"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832565/; classtype:trojan-activity;sid:83695665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832556)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"security.rebirth-network.su"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832556/; classtype:trojan-activity;sid:83695656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832555)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"bot.secure-network-rebirthltd.ru"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832555/; classtype:trojan-activity;sid:83695655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832554)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.28.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832554/; classtype:trojan-activity;sid:83695654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832553)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.27.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832553/; classtype:trojan-activity;sid:83695653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832552)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.129.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832552/; classtype:trojan-activity;sid:83695652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832551)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.71.40"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832551/; classtype:trojan-activity;sid:83695651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832543)"; flow:established,from_client; content:"GET"; http_method; content:"//x86_64"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lsagjogu8ztaueghasdjsdigh.cc"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832543/; classtype:trojan-activity;sid:83695643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832544)"; flow:established,from_client; content:"GET"; http_method; content:"//m68k"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"lsagjogu8ztaueghasdjsdigh.cc"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832544/; classtype:trojan-activity;sid:83695644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832545)"; flow:established,from_client; content:"GET"; http_method; content:"//mpsl"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"lsagjogu8ztaueghasdjsdigh.cc"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832545/; classtype:trojan-activity;sid:83695645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832546)"; flow:established,from_client; content:"GET"; http_method; content:"//arm6"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"lsagjogu8ztaueghasdjsdigh.cc"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832546/; classtype:trojan-activity;sid:83695646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832547)"; flow:established,from_client; content:"GET"; http_method; content:"//mips"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"lsagjogu8ztaueghasdjsdigh.cc"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832547/; classtype:trojan-activity;sid:83695647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832548)"; flow:established,from_client; content:"GET"; http_method; content:"//arm7"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"lsagjogu8ztaueghasdjsdigh.cc"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832548/; classtype:trojan-activity;sid:83695648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832549)"; flow:established,from_client; content:"GET"; http_method; content:"//arm5"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"lsagjogu8ztaueghasdjsdigh.cc"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832549/; classtype:trojan-activity;sid:83695649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832550)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.131.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832550/; classtype:trojan-activity;sid:83695650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832542)"; flow:established,from_client; content:"GET"; http_method; content:"//arm4"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"lsagjogu8ztaueghasdjsdigh.cc"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832542/; classtype:trojan-activity;sid:83695642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832537)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"xysk5eeyj0j5n.xyz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832537/; classtype:trojan-activity;sid:83695637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832538)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xysk5eeyj0j5n.xyz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832538/; classtype:trojan-activity;sid:83695638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832539)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"hitler.su"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832539/; classtype:trojan-activity;sid:83695639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832540)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"lsagjogu8ztaueghasdjsdigh.cc"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832540/; classtype:trojan-activity;sid:83695640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832541)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"kz.hitler.su"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832541/; classtype:trojan-activity;sid:83695641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832522)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"xysk5eeyj0j5n.xyz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832522/; classtype:trojan-activity;sid:83695622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832523)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"hitler.su"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832523/; classtype:trojan-activity;sid:83695623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832524)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"hitler.su"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832524/; classtype:trojan-activity;sid:83695624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832525)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"kz.hitler.su"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832525/; classtype:trojan-activity;sid:83695625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832526)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"vps.rebirth-network.su"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832526/; classtype:trojan-activity;sid:83695626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832527)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"lsagjogu8ztaueghasdjsdigh.cc"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832527/; classtype:trojan-activity;sid:83695627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832528)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"hitler.su"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832528/; classtype:trojan-activity;sid:83695628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832529)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"xysk5eeyj0j5n.xyz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832529/; classtype:trojan-activity;sid:83695629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832530)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"vps.rebirth-network.su"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832530/; classtype:trojan-activity;sid:83695630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832531)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"hitler.su"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832531/; classtype:trojan-activity;sid:83695631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832532)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"xysk5eeyj0j5n.xyz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832532/; classtype:trojan-activity;sid:83695632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832533)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"hitler.su"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832533/; classtype:trojan-activity;sid:83695633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832534)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"hitler.su"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832534/; classtype:trojan-activity;sid:83695634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832535)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"kz.hitler.su"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832535/; classtype:trojan-activity;sid:83695635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832536)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"xysk5eeyj0j5n.xyz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832536/; classtype:trojan-activity;sid:83695636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832517)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"vps.rebirth-network.su"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832517/; classtype:trojan-activity;sid:83695617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832518)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"kz.hitler.su"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832518/; classtype:trojan-activity;sid:83695618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832519)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"vps.rebirth-network.su"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832519/; classtype:trojan-activity;sid:83695619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832520)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"kz.hitler.su"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832520/; classtype:trojan-activity;sid:83695620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832521)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"xysk5eeyj0j5n.xyz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832521/; classtype:trojan-activity;sid:83695621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832507)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"hitler.su"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832507/; classtype:trojan-activity;sid:83695607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832508)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"hitler.su"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832508/; classtype:trojan-activity;sid:83695608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832509)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"hitler.su"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832509/; classtype:trojan-activity;sid:83695609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832510)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"kz.hitler.su"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832510/; classtype:trojan-activity;sid:83695610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832511)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"lsagjogu8ztaueghasdjsdigh.cc"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832511/; classtype:trojan-activity;sid:83695611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832512)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"vps.rebirth-network.su"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832512/; classtype:trojan-activity;sid:83695612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832513)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"kz.hitler.su"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832513/; classtype:trojan-activity;sid:83695613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832514)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"vps.rebirth-network.su"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832514/; classtype:trojan-activity;sid:83695614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832515)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"lsagjogu8ztaueghasdjsdigh.cc"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832515/; classtype:trojan-activity;sid:83695615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832516)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"xysk5eeyj0j5n.xyz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832516/; classtype:trojan-activity;sid:83695616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832501)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"kz.hitler.su"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832501/; classtype:trojan-activity;sid:83695601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832502)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"vps.rebirth-network.su"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832502/; classtype:trojan-activity;sid:83695602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832503)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"vps.rebirth-network.su"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832503/; classtype:trojan-activity;sid:83695603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832504)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"hitler.su"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832504/; classtype:trojan-activity;sid:83695604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832505)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"hitler.su"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832505/; classtype:trojan-activity;sid:83695605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832506)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"vps.rebirth-network.su"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832506/; classtype:trojan-activity;sid:83695606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832500)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"kz.hitler.su"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832500/; classtype:trojan-activity;sid:83695600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832492)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"xysk5eeyj0j5n.xyz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832492/; classtype:trojan-activity;sid:83695592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832493)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"vps.rebirth-network.su"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832493/; classtype:trojan-activity;sid:83695593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832494)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"vps.rebirth-network.su"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832494/; classtype:trojan-activity;sid:83695594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832495)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"kz.hitler.su"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832495/; classtype:trojan-activity;sid:83695595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832496)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"kz.hitler.su"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832496/; classtype:trojan-activity;sid:83695596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832497)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"xysk5eeyj0j5n.xyz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832497/; classtype:trojan-activity;sid:83695597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832498)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"kz.hitler.su"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832498/; classtype:trojan-activity;sid:83695598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832499)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"vps.rebirth-network.su"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832499/; classtype:trojan-activity;sid:83695599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832490)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"xysk5eeyj0j5n.xyz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832490/; classtype:trojan-activity;sid:83695590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832491)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"xysk5eeyj0j5n.xyz"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832491/; classtype:trojan-activity;sid:83695591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832489)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.196.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832489/; classtype:trojan-activity;sid:83695589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832488)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.170.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832488/; classtype:trojan-activity;sid:83695588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832487)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.105.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832487/; classtype:trojan-activity;sid:83695587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832486)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.67.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832486/; classtype:trojan-activity;sid:83695586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832484)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"sex.secure-cyber-security-rebirthltd.su"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832484/; classtype:trojan-activity;sid:83695584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832485)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"sex.secure-cyber-security-rebirthltd.su"; http_host; depth:39; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832485/; classtype:trojan-activity;sid:83695585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832483)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.182.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832483/; classtype:trojan-activity;sid:83695583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832471)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"212.70.149.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832471/; classtype:trojan-activity;sid:83695571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832472)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.70.149.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832472/; classtype:trojan-activity;sid:83695572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832473)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"212.70.149.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832473/; classtype:trojan-activity;sid:83695573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832474)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"212.70.149.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832474/; classtype:trojan-activity;sid:83695574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832475)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"212.70.149.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832475/; classtype:trojan-activity;sid:83695575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832476)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"212.70.149.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832476/; classtype:trojan-activity;sid:83695576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832477)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"212.70.149.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832477/; classtype:trojan-activity;sid:83695577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832478)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"212.70.149.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832478/; classtype:trojan-activity;sid:83695578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832479)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"212.70.149.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832479/; classtype:trojan-activity;sid:83695579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832480)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"212.70.149.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832480/; classtype:trojan-activity;sid:83695580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832481)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.70.149.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832481/; classtype:trojan-activity;sid:83695581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832482)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"212.70.149.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832482/; classtype:trojan-activity;sid:83695582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832470)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.165.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832470/; classtype:trojan-activity;sid:83695570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832469)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.81.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832469/; classtype:trojan-activity;sid:83695569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832468)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.7"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.49.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832468/; classtype:trojan-activity;sid:83695568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832467)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.186.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832467/; classtype:trojan-activity;sid:83695567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832466)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.27.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832466/; classtype:trojan-activity;sid:83695566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832465)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.251.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832465/; classtype:trojan-activity;sid:83695565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832464)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.176.235"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832464/; classtype:trojan-activity;sid:83695564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832463)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=12emoxkbfqbehbulotwlt0rkbuyzrat0e"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832463/; classtype:trojan-activity;sid:83695563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832460)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1use9lrwmpsvcgrzvm-nthdfwbxibuijw"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832460/; classtype:trojan-activity;sid:83695560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832461)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1nqzevdctz3sdxlxqbq8lq0uwb65vhzdb"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832461/; classtype:trojan-activity;sid:83695561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832462)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ziwwewtmcw_lrwmnlv_hju8y-0oeul4d"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832462/; classtype:trojan-activity;sid:83695562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832459)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1m2fieailzjcazla70b5mrypd_hoa4xg_"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832459/; classtype:trojan-activity;sid:83695559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832456)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1whenyrt4lzthewaggvmwiy4_aso0m32e"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832456/; classtype:trojan-activity;sid:83695556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832457)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1vmnesagqu4nlpa5s6ko_ul922pplu3kl"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832457/; classtype:trojan-activity;sid:83695557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832458)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1dbb03meugbtomwgyyvjoexbuhaq_lndr"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832458/; classtype:trojan-activity;sid:83695558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832454)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1puc0heqcmqiezgusyg6-gcdspzujduza"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832454/; classtype:trojan-activity;sid:83695554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832455)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1lojndz-jmftgvokrqx9qwggf05erbzzf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832455/; classtype:trojan-activity;sid:83695555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832453)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/images/smilies/output.js"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"postutopia.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832453/; classtype:trojan-activity;sid:83695553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832452)"; flow:established,from_client; content:"GET"; http_method; content:"/kung/bin.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"103.29.0.182"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832452/; classtype:trojan-activity;sid:83695552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832451)"; flow:established,from_client; content:"GET"; http_method; content:"/xampp/wdf/wearegoingtobegoodwithmebecauseireallylovethisallpersonandinotwanttodonothingbecausesheisverybeautifulgirl___iunderstandsheisgoodo.doc"; http_uri; depth:145; isdataat:!1,relative; nocase; content:"103.29.0.182"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832451/; classtype:trojan-activity;sid:83695551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832450)"; flow:established,from_client; content:"GET"; http_method; content:"/findpeacebin.scr"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"universalmovies.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832450/; classtype:trojan-activity;sid:83695550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832449)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.81.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832449/; classtype:trojan-activity;sid:83695549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832448)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.238.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832448/; classtype:trojan-activity;sid:83695548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832447)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.92.82.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832447/; classtype:trojan-activity;sid:83695547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832443)"; flow:established,from_client; content:"GET"; http_method; content:"/.smips"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"spotslfy.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832443/; classtype:trojan-activity;sid:83695543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832444)"; flow:established,from_client; content:"GET"; http_method; content:"/.ssh4"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"spotslfy.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832444/; classtype:trojan-activity;sid:83695544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832445)"; flow:established,from_client; content:"GET"; http_method; content:"/.sarm"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"spotslfy.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832445/; classtype:trojan-activity;sid:83695545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832446)"; flow:established,from_client; content:"GET"; http_method; content:"/.ssh4"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"spotslfy.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832446/; classtype:trojan-activity;sid:83695546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832434)"; flow:established,from_client; content:"GET"; http_method; content:"/.sx86_64"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"spotslfy.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832434/; classtype:trojan-activity;sid:83695534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832435)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"spotslfy.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832435/; classtype:trojan-activity;sid:83695535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832436)"; flow:established,from_client; content:"GET"; http_method; content:"/.ssh4"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"95.169.196.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832436/; classtype:trojan-activity;sid:83695536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832437)"; flow:established,from_client; content:"GET"; http_method; content:"/.sspc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"spotslfy.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832437/; classtype:trojan-activity;sid:83695537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832438)"; flow:established,from_client; content:"GET"; http_method; content:"/.sarm6"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"spotslfy.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832438/; classtype:trojan-activity;sid:83695538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832439)"; flow:established,from_client; content:"GET"; http_method; content:"/bx"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"spotslfy.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832439/; classtype:trojan-activity;sid:83695539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832440)"; flow:established,from_client; content:"GET"; http_method; content:"/.sarm7"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"spotslfy.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832440/; classtype:trojan-activity;sid:83695540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832441)"; flow:established,from_client; content:"GET"; http_method; content:"/.sarm5"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"spotslfy.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832441/; classtype:trojan-activity;sid:83695541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832442)"; flow:established,from_client; content:"GET"; http_method; content:"/.sm68k"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"spotslfy.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832442/; classtype:trojan-activity;sid:83695542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832430)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"spotslfy.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832430/; classtype:trojan-activity;sid:83695530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832431)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"spotslfy.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832431/; classtype:trojan-activity;sid:83695531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832432)"; flow:established,from_client; content:"GET"; http_method; content:"/g"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"spotslfy.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832432/; classtype:trojan-activity;sid:83695532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832433)"; flow:established,from_client; content:"GET"; http_method; content:"/.sx86"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"spotslfy.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832433/; classtype:trojan-activity;sid:83695533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832429)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.166.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832429/; classtype:trojan-activity;sid:83695529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832428)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.94.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832428/; classtype:trojan-activity;sid:83695528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832425)"; flow:established,from_client; content:"GET"; http_method; content:"/cs/april-29-receipt.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"staygeraldine.nz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832425/; classtype:trojan-activity;sid:83695525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832426)"; flow:established,from_client; content:"GET"; http_method; content:"/cs/hvapril.txt"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"staygeraldine.nz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832426/; classtype:trojan-activity;sid:83695526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832427)"; flow:established,from_client; content:"GET"; http_method; content:"/cs/reccc.txt"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"staygeraldine.nz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832427/; classtype:trojan-activity;sid:83695527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832423)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/kivfsxmq"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832423/; classtype:trojan-activity;sid:83695523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832424)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/eey9exce"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832424/; classtype:trojan-activity;sid:83695524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832422)"; flow:established,from_client; content:"GET"; http_method; content:"/ap/xwapri.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"joccupationalscience.org"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832422/; classtype:trojan-activity;sid:83695522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832421)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/ndu16ucu"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832421/; classtype:trojan-activity;sid:83695521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832420)"; flow:established,from_client; content:"GET"; http_method; content:"/teebin.scr"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"universalmovies.top"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832420/; classtype:trojan-activity;sid:83695520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832419)"; flow:established,from_client; content:"GET"; http_method; content:"/yakfileloadsonedrivedocumentsuploadgoogleapclouddownloads/255_jroqjrqxvse"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"84.252.122.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832419/; classtype:trojan-activity;sid:83695519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832418)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.177.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832418/; classtype:trojan-activity;sid:83695518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832417)"; flow:established,from_client; content:"GET"; http_method; content:"/wosoeoacoiouroeasazazaooeurooeoasas/255_zhfwuyuhaur"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"84.252.122.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832417/; classtype:trojan-activity;sid:83695517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832416)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.192.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832416/; classtype:trojan-activity;sid:83695516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832415)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.89.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832415/; classtype:trojan-activity;sid:83695515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832414)"; flow:established,from_client; content:"GET"; http_method; content:"/imtoken-v2.apk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"download.gghxyy.club"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832414/; classtype:trojan-activity;sid:83695514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832413)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.211.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832413/; classtype:trojan-activity;sid:83695513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832412)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.1.160"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832412/; classtype:trojan-activity;sid:83695512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832411)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.69.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832411/; classtype:trojan-activity;sid:83695511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832410)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.94.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832410/; classtype:trojan-activity;sid:83695510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832409)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.143.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832409/; classtype:trojan-activity;sid:83695509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832408)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.49.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832408/; classtype:trojan-activity;sid:83695508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832407)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"167.179.178.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832407/; classtype:trojan-activity;sid:83695507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832406)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.213.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832406/; classtype:trojan-activity;sid:83695506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832404)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1zme1id-fhk015vzpsi2h2cistij-nz3u"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832404/; classtype:trojan-activity;sid:83695504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832405)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1akzq1cjejvdutlwwiycajdm4bffw0mbq"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832405/; classtype:trojan-activity;sid:83695505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832403)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.229.153.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832403/; classtype:trojan-activity;sid:83695503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832402)"; flow:established,from_client; content:"GET"; http_method; content:"/imtoken-v2.apk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"39.103.217.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832402/; classtype:trojan-activity;sid:83695502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832401)"; flow:established,from_client; content:"GET"; http_method; content:"/ghj.txt"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bomdokasw.ru.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832401/; classtype:trojan-activity;sid:83695501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832400)"; flow:established,from_client; content:"GET"; http_method; content:"/d/thahy"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"paste.ee"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832400/; classtype:trojan-activity;sid:83695500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832398)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1gdlbmnxyayfcuhl1ozlcl5-j1g--nesj"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832398/; classtype:trojan-activity;sid:83695498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832399)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1lf_rx4l60nrlsrg52wq1dbdw071o7bg-"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832399/; classtype:trojan-activity;sid:83695499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832397)"; flow:established,from_client; content:"GET"; http_method; content:"/baze64444.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"23.95.60.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832397/; classtype:trojan-activity;sid:83695497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832396)"; flow:established,from_client; content:"GET"; http_method; content:"/images/004/773/812/original/js.jpg"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832396/; classtype:trojan-activity;sid:83695496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832395)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.177.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832395/; classtype:trojan-activity;sid:83695495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832393)"; flow:established,from_client; content:"GET"; http_method; content:"/mrngwescreentherootforentirepurposehappenedwthhappinessskeisverybeatuiful___heisverygoodnadbeautiufl.doc"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"23.95.60.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832393/; classtype:trojan-activity;sid:83695493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832394)"; flow:established,from_client; content:"GET"; http_method; content:"/d/ewe8w"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"paste.ee"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832394/; classtype:trojan-activity;sid:83695494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832392)"; flow:established,from_client; content:"GET"; http_method; content:"/morningxla.js"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"23.95.60.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832392/; classtype:trojan-activity;sid:83695492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832391)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.108.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832391/; classtype:trojan-activity;sid:83695491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832390)"; flow:established,from_client; content:"GET"; http_method; content:"/d/f74qb"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"paste.ee"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832390/; classtype:trojan-activity;sid:83695490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832389)"; flow:established,from_client; content:"GET"; http_method; content:"/90818/gtrr.txt"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"107.175.242.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832389/; classtype:trojan-activity;sid:83695489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832388)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.56.230"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832388/; classtype:trojan-activity;sid:83695488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832386)"; flow:established,from_client; content:"GET"; http_method; content:"/90818/scrr/multiplepeoplessayingheisverygoodpersonsoicanabletounderstandhowmuchgoodheisimeangoodgirl___sheisverybeautifulgirlformetogetit.doc"; http_uri; depth:142; isdataat:!1,relative; nocase; content:"107.175.242.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832386/; classtype:trojan-activity;sid:83695486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832387)"; flow:established,from_client; content:"GET"; http_method; content:"/90818/examplepixelimages.gif"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"107.175.242.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832387/; classtype:trojan-activity;sid:83695487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832385)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|resid=59261c7e41b6478a%21212|7c|26|7c|authkey=!agx6xu7a8tjfwjs"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832385/; classtype:trojan-activity;sid:83695485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832383)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|resid=59261c7e41b6478a%21215|7c|26|7c|authkey=!ailxsvzlzbop3io"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"onedrive.live.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832383/; classtype:trojan-activity;sid:83695483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832384)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.125.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832384/; classtype:trojan-activity;sid:83695484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832382)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.201.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832382/; classtype:trojan-activity;sid:83695482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832381)"; flow:established,from_client; content:"GET"; http_method; content:"/9090/jhn/iwanttokiswithlotoflovesheismygirlitrulylovedherfromtheheartmysweetbabymyheartiwantsheiswithme___girlbeautifysxyandmorethanthat.doc"; http_uri; depth:141; isdataat:!1,relative; nocase; content:"104.168.45.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832381/; classtype:trojan-activity;sid:83695481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832380)"; flow:established,from_client; content:"GET"; http_method; content:"/9090/newst.txt"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"104.168.45.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832380/; classtype:trojan-activity;sid:83695480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832379)"; flow:established,from_client; content:"GET"; http_method; content:"/9090/imageveryclearfisherman.gif"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"104.168.45.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832379/; classtype:trojan-activity;sid:83695479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832378)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xspqv"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"paste.ee"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832378/; classtype:trojan-activity;sid:83695478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832377)"; flow:established,from_client; content:"GET"; http_method; content:"/9009/dfg.txt"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"107.172.31.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832377/; classtype:trojan-activity;sid:83695477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832376)"; flow:established,from_client; content:"GET"; http_method; content:"/d/dxgch"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"paste.ee"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832376/; classtype:trojan-activity;sid:83695476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832373)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.66.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832373/; classtype:trojan-activity;sid:83695473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832374)"; flow:established,from_client; content:"GET"; http_method; content:"/9009/imagepixelsample.gif"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"107.172.31.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832374/; classtype:trojan-activity;sid:83695474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832375)"; flow:established,from_client; content:"GET"; http_method; content:"/9009/hjm/softmindwithagoodheartpersonwinentireworldheartfromthepeopleswhoilovedbeautiful__girlsheknowhowltolovemegreatwayshe.doc"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"107.172.31.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832375/; classtype:trojan-activity;sid:83695475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832372)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.1.160"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832372/; classtype:trojan-activity;sid:83695472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832371)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.15.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832371/; classtype:trojan-activity;sid:83695471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832370)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.204.226.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832370/; classtype:trojan-activity;sid:83695470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832369)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.94.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832369/; classtype:trojan-activity;sid:83695469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832368)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.143.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832368/; classtype:trojan-activity;sid:83695468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832367)"; flow:established,from_client; content:"GET"; http_method; content:"/tossers.psp"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"87.121.105.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832367/; classtype:trojan-activity;sid:83695467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832366)"; flow:established,from_client; content:"GET"; http_method; content:"/puzakuq35.bin"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"87.121.105.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832366/; classtype:trojan-activity;sid:83695466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832365)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.238.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832365/; classtype:trojan-activity;sid:83695465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832362)"; flow:established,from_client; content:"GET"; http_method; content:"/detentionen.java"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"87.121.105.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832362/; classtype:trojan-activity;sid:83695462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832363)"; flow:established,from_client; content:"GET"; http_method; content:"/dybere.mix"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"87.121.105.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832363/; classtype:trojan-activity;sid:83695463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832364)"; flow:established,from_client; content:"GET"; http_method; content:"/nnzsa79.bin"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"park-your-track.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832364/; classtype:trojan-activity;sid:83695464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832361)"; flow:established,from_client; content:"GET"; http_method; content:"/fkkcx162.bin"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"94.156.79.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832361/; classtype:trojan-activity;sid:83695461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832360)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.220.47.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832360/; classtype:trojan-activity;sid:83695460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832359)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.56.230"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832359/; classtype:trojan-activity;sid:83695459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832358)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.5.48.188"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832358/; classtype:trojan-activity;sid:83695458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832357)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.43.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832357/; classtype:trojan-activity;sid:83695457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832356)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.66.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832356/; classtype:trojan-activity;sid:83695456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832355)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.153.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832355/; classtype:trojan-activity;sid:83695455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832354)"; flow:established,from_client; content:"GET"; http_method; content:"/zfkekzp175.bin"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"209.90.233.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832354/; classtype:trojan-activity;sid:83695454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832353)"; flow:established,from_client; content:"GET"; http_method; content:"/gsyrgkggl239.bin"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"209.90.233.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832353/; classtype:trojan-activity;sid:83695453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832352)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.125.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832352/; classtype:trojan-activity;sid:83695452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832351)"; flow:established,from_client; content:"GET"; http_method; content:"/cndxuyyscgouqbvtc207.bin"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"193.239.86.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832351/; classtype:trojan-activity;sid:83695451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832349)"; flow:established,from_client; content:"GET"; http_method; content:"/mosefundets.jpb"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"87.121.105.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832349/; classtype:trojan-activity;sid:83695449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832350)"; flow:established,from_client; content:"GET"; http_method; content:"/rnhkmlcurocfmjivdhhf128.bin"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"87.121.105.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832350/; classtype:trojan-activity;sid:83695450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832347)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.103.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832347/; classtype:trojan-activity;sid:83695447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832348)"; flow:established,from_client; content:"GET"; http_method; content:"/oigikpmvqfmxzwuuka221.bin"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"209.90.234.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832348/; classtype:trojan-activity;sid:83695448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832346)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.176.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832346/; classtype:trojan-activity;sid:83695446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832345)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.25.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832345/; classtype:trojan-activity;sid:83695445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832344)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=18niohtbdx0gjrydinu6ddsrcqbj6wjt0"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832344/; classtype:trojan-activity;sid:83695444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832343)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1lnfp4kirtgfb3bkba5eul8rg-cpgdt4q"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832343/; classtype:trojan-activity;sid:83695443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832342)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.201.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832342/; classtype:trojan-activity;sid:83695442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832341)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.108.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832341/; classtype:trojan-activity;sid:83695441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832340)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.174.27.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832340/; classtype:trojan-activity;sid:83695440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832339)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.56.6.62"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832339/; classtype:trojan-activity;sid:83695439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832338)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.229.157.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832338/; classtype:trojan-activity;sid:83695438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832337)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.204.226.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832337/; classtype:trojan-activity;sid:83695437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832336)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.204.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832336/; classtype:trojan-activity;sid:83695436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832335)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.61.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832335/; classtype:trojan-activity;sid:83695435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832334)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.143.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832334/; classtype:trojan-activity;sid:83695434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832333)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.148.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832333/; classtype:trojan-activity;sid:83695433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832332)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.5.48.188"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832332/; classtype:trojan-activity;sid:83695432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832331)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.83.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832331/; classtype:trojan-activity;sid:83695431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832330)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.86.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832330/; classtype:trojan-activity;sid:83695430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832329)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.15.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832329/; classtype:trojan-activity;sid:83695429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832328)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.55.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832328/; classtype:trojan-activity;sid:83695428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832327)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.202.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832327/; classtype:trojan-activity;sid:83695427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832326)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.211.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832326/; classtype:trojan-activity;sid:83695426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832325)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared/|3f|check=true"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"mathsclass.vn"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832325/; classtype:trojan-activity;sid:83695425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832324)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"parthait.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832324/; classtype:trojan-activity;sid:83695424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832322)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"lle.uz"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832322/; classtype:trojan-activity;sid:83695422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832323)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"manuurulwaahid.sch.id"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832323/; classtype:trojan-activity;sid:83695423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832320)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"lew-hoad.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832320/; classtype:trojan-activity;sid:83695420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832321)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.103.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832321/; classtype:trojan-activity;sid:83695421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832311)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"myquickandeasy.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832311/; classtype:trojan-activity;sid:83695411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832312)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"panakalresidence.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832312/; classtype:trojan-activity;sid:83695412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832313)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"narutoanimes.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832313/; classtype:trojan-activity;sid:83695413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832314)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"new.botellaflaske.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832314/; classtype:trojan-activity;sid:83695414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832315)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"mbdashcam.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832315/; classtype:trojan-activity;sid:83695415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832316)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"lurningbuff.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832316/; classtype:trojan-activity;sid:83695416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832317)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"mixstore.com.mx"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832317/; classtype:trojan-activity;sid:83695417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832318)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"mahmoud-radwan.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832318/; classtype:trojan-activity;sid:83695418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832319)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"nyklawyer.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832319/; classtype:trojan-activity;sid:83695419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832302)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"mozkraty.org"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832302/; classtype:trojan-activity;sid:83695402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832303)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"nobledeals.co.ke"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832303/; classtype:trojan-activity;sid:83695403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832304)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"meletesergon.gr"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832304/; classtype:trojan-activity;sid:83695404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832305)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"nickicecream.gr"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832305/; classtype:trojan-activity;sid:83695405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832306)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"patriziamarazzi.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832306/; classtype:trojan-activity;sid:83695406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832307)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"mydesinger.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832307/; classtype:trojan-activity;sid:83695407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832308)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"mundo-felpa.es"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832308/; classtype:trojan-activity;sid:83695408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832309)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"lawclerksfordiversity.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832309/; classtype:trojan-activity;sid:83695409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832310)"; flow:established,from_client; content:"GET"; http_method; content:"/code/core/database/press/wp-content/plugins/share-private-fls/shared"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"mining.jaguarmall.in"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832310/; classtype:trojan-activity;sid:83695410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832301)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"jms.edu.np"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832301/; classtype:trojan-activity;sid:83695401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832300)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"ponyevent.vn"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832300/; classtype:trojan-activity;sid:83695400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832299)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"jasarenovasibangunrumahmalang.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832299/; classtype:trojan-activity;sid:83695399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832297)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.246.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832297/; classtype:trojan-activity;sid:83695397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832298)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"grupobudeguer.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832298/; classtype:trojan-activity;sid:83695398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832287)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"joshiwater.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832287/; classtype:trojan-activity;sid:83695387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832288)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"ladakhescapades.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832288/; classtype:trojan-activity;sid:83695388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832289)"; flow:established,from_client; content:"GET"; http_method; content:"/mertmetdemo/wp-content/plugins/share-private-fls/shared"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"gifdemo.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832289/; classtype:trojan-activity;sid:83695389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832290)"; flow:established,from_client; content:"GET"; http_method; content:"/gps_sunum/wp-content/plugins/share-private-fls/shared"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"gifdemo.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832290/; classtype:trojan-activity;sid:83695390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832291)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"hawaiismartshopper.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832291/; classtype:trojan-activity;sid:83695391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832292)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"ebs-company.xyz"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832292/; classtype:trojan-activity;sid:83695392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832293)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"karamelitses.gr"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832293/; classtype:trojan-activity;sid:83695393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832294)"; flow:established,from_client; content:"GET"; http_method; content:"/doxa_organic/wp-content/plugins/share-private-fls/shared"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"goasoftwarecompany.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832294/; classtype:trojan-activity;sid:83695394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832295)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"hadjer.boutique"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832295/; classtype:trojan-activity;sid:83695395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832296)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"penjualanpommini.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832296/; classtype:trojan-activity;sid:83695396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832272)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"espaciodiseno.es"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832272/; classtype:trojan-activity;sid:83695372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832273)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"elitpuro1.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832273/; classtype:trojan-activity;sid:83695373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832274)"; flow:established,from_client; content:"GET"; http_method; content:"/himera-v1/wp-content/plugins/share-private-fls/shared"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"himeraveteriner.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832274/; classtype:trojan-activity;sid:83695374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832275)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"kartsiotis.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832275/; classtype:trojan-activity;sid:83695375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832276)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"hvg.si"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832276/; classtype:trojan-activity;sid:83695376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832277)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"pavicomsa.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832277/; classtype:trojan-activity;sid:83695377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832278)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"infojobone.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832278/; classtype:trojan-activity;sid:83695378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832279)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"guidespharma.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832279/; classtype:trojan-activity;sid:83695379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832280)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"jobsportal360.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832280/; classtype:trojan-activity;sid:83695380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832281)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"gaming-gears.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832281/; classtype:trojan-activity;sid:83695381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832282)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"ivtmarkets.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832282/; classtype:trojan-activity;sid:83695382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832283)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"hakelectromechanical.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832283/; classtype:trojan-activity;sid:83695383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832284)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"equranteacher.net"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832284/; classtype:trojan-activity;sid:83695384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832285)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"hunarghar.org.pk"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832285/; classtype:trojan-activity;sid:83695385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832286)"; flow:established,from_client; content:"GET"; http_method; content:"/vecloffy/wp-content/plugins/share-private-fls/shared"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"friendswekeep.vecloffy.co.za"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832286/; classtype:trojan-activity;sid:83695386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832271)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"wisdomlawacademy.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832271/; classtype:trojan-activity;sid:83695371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832270)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"ruedastock.cl"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832270/; classtype:trojan-activity;sid:83695370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832266)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"tomitakaengenharia.com.br"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832266/; classtype:trojan-activity;sid:83695366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832267)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"slot.hoki66.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832267/; classtype:trojan-activity;sid:83695367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832268)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared/|3f|check=true"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"shredderindia.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832268/; classtype:trojan-activity;sid:83695368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832269)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"puntobar.cl"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832269/; classtype:trojan-activity;sid:83695369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832260)"; flow:established,from_client; content:"GET"; http_method; content:"/ahmed/wp-content/plugins/share-private-fls/shared"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"wecancity.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832260/; classtype:trojan-activity;sid:83695360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832261)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"template.majestic-corporation.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832261/; classtype:trojan-activity;sid:83695361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832262)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"testing.vidharm.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832262/; classtype:trojan-activity;sid:83695362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832263)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"subwaymenu.uk"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832263/; classtype:trojan-activity;sid:83695363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832264)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"turkishmarinesurvey.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832264/; classtype:trojan-activity;sid:83695364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832265)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"toyssolution.cloud"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832265/; classtype:trojan-activity;sid:83695365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832258)"; flow:established,from_client; content:"GET"; http_method; content:"/account/wp-content/plugins/share-private-fls/shared"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"smartoptiontrade.online"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832258/; classtype:trojan-activity;sid:83695358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832259)"; flow:established,from_client; content:"GET"; http_method; content:"/account/wp-content/plugins/share-private-fls/shared"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"toptradingoption.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832259/; classtype:trojan-activity;sid:83695359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832255)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"ptcmbp.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832255/; classtype:trojan-activity;sid:83695355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832256)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"tirtaningnusantara.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832256/; classtype:trojan-activity;sid:83695356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832257)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.11.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832257/; classtype:trojan-activity;sid:83695357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832253)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.157.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832253/; classtype:trojan-activity;sid:83695353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832254)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"templarstore.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832254/; classtype:trojan-activity;sid:83695354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832235)"; flow:established,from_client; content:"GET"; http_method; content:"/social/wp-content/plugins/share-private-fls/shared"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"vincecomfort.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832235/; classtype:trojan-activity;sid:83695335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832236)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"staging-superkulca.kinsta.cloud"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832236/; classtype:trojan-activity;sid:83695336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832237)"; flow:established,from_client; content:"GET"; http_method; content:"/web/chris-csp/wp-content/plugins/share-private-fls/shared"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"themetafounders.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832237/; classtype:trojan-activity;sid:83695337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832238)"; flow:established,from_client; content:"GET"; http_method; content:"/takenew/wp-content/plugins/share-private-fls/shared"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"take3llcphotobooth.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832238/; classtype:trojan-activity;sid:83695338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832239)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"tour.culturetoursja.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832239/; classtype:trojan-activity;sid:83695339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832240)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"summerlanddogtraining.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832240/; classtype:trojan-activity;sid:83695340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832241)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"streetpulsedev.wpengine.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832241/; classtype:trojan-activity;sid:83695341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832242)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"themusclemob.themetafounders.com"; http_host; depth:32; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832242/; classtype:trojan-activity;sid:83695342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832243)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"warriorstaging.wpengine.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832243/; classtype:trojan-activity;sid:83695343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832244)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"vilape.online"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832244/; classtype:trojan-activity;sid:83695344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832245)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"things101dev.wpengine.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832245/; classtype:trojan-activity;sid:83695345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832246)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"vnfreetourguides.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832246/; classtype:trojan-activity;sid:83695346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832247)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"sociallysnap.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832247/; classtype:trojan-activity;sid:83695347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832248)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"thecocopacific.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832248/; classtype:trojan-activity;sid:83695348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832249)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"portstanleycalipso.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832249/; classtype:trojan-activity;sid:83695349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832250)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"vcfiling.pk"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832250/; classtype:trojan-activity;sid:83695350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832251)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"sanvikevents.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832251/; classtype:trojan-activity;sid:83695351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832252)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"vhs.decospaacloud.in"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832252/; classtype:trojan-activity;sid:83695352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832233)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"svango.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832233/; classtype:trojan-activity;sid:83695333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832234)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"vridhifashions.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832234/; classtype:trojan-activity;sid:83695334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832232)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"www.tajimateknikservis.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832232/; classtype:trojan-activity;sid:83695332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832229)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"www.crickrocket.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832229/; classtype:trojan-activity;sid:83695329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832230)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"www.bodegabudeguer.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832230/; classtype:trojan-activity;sid:83695330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832231)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"www.vccg.com.au"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832231/; classtype:trojan-activity;sid:83695331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832227)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"zatracon.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832227/; classtype:trojan-activity;sid:83695327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832228)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"www.fit4life.es"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832228/; classtype:trojan-activity;sid:83695328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832226)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"wlfw.themetafounders.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832226/; classtype:trojan-activity;sid:83695326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832218)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"www.qi-code.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832218/; classtype:trojan-activity;sid:83695318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832219)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"zeemark.in"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832219/; classtype:trojan-activity;sid:83695319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832220)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"www.wonderwritings.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832220/; classtype:trojan-activity;sid:83695320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832221)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"www.meilinhotels.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832221/; classtype:trojan-activity;sid:83695321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832222)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"www.eurotravel.com.gr"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832222/; classtype:trojan-activity;sid:83695322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832223)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"www.hawaiiislandmidweek.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832223/; classtype:trojan-activity;sid:83695323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832224)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"youpickcarepackages.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832224/; classtype:trojan-activity;sid:83695324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832225)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"www.kathatours.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832225/; classtype:trojan-activity;sid:83695325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832212)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"www.ferentino.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832212/; classtype:trojan-activity;sid:83695312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832213)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"www.valex-dz.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832213/; classtype:trojan-activity;sid:83695313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832214)"; flow:established,from_client; content:"GET"; http_method; content:"/news/wp-content/plugins/share-private-fls/shared"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"www.loja.consolata.pt"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832214/; classtype:trojan-activity;sid:83695314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832215)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"www.topinoxsenegal.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832215/; classtype:trojan-activity;sid:83695315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832216)"; flow:established,from_client; content:"GET"; http_method; content:"/tasawer/wp-content/plugins/share-private-fls/shared"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"www.darkknight-media.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832216/; classtype:trojan-activity;sid:83695316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832217)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"www.tatuhirdavat.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832217/; classtype:trojan-activity;sid:83695317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832211)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"790wolseleymanagement.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832211/; classtype:trojan-activity;sid:83695311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832209)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"blog.multitamamedia.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832209/; classtype:trojan-activity;sid:83695309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832210)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"alsiga.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832210/; classtype:trojan-activity;sid:83695310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832207)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"zk1construction.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832207/; classtype:trojan-activity;sid:83695307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832208)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"doulosarts.com.br"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832208/; classtype:trojan-activity;sid:83695308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832206)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"onemascot.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832206/; classtype:trojan-activity;sid:83695306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832204)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared/|3f|check=true"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"camerabaoha.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832204/; classtype:trojan-activity;sid:83695304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832205)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared/|3f|check=true"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"donatechantroimoi.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832205/; classtype:trojan-activity;sid:83695305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832201)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"christianbookindia.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832201/; classtype:trojan-activity;sid:83695301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832202)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.7.223.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832202/; classtype:trojan-activity;sid:83695302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832203)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"dolasimuka.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832203/; classtype:trojan-activity;sid:83695303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832177)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"djibg.eu"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832177/; classtype:trojan-activity;sid:83695277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832178)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"bar.dosdevelopers.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832178/; classtype:trojan-activity;sid:83695278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832179)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"abd.com.tr"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832179/; classtype:trojan-activity;sid:83695279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832180)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"ariesjagnivas.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832180/; classtype:trojan-activity;sid:83695280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832181)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"aryanlogisticpune.in"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832181/; classtype:trojan-activity;sid:83695281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832182)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"cricrapid.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832182/; classtype:trojan-activity;sid:83695282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832183)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"dhlawfirm.site"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832183/; classtype:trojan-activity;sid:83695283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832184)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"compresoresdetornillo.com.pe"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832184/; classtype:trojan-activity;sid:83695284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832185)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"digitalssystems.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832185/; classtype:trojan-activity;sid:83695285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832186)"; flow:established,from_client; content:"GET"; http_method; content:"/news/wp-content/plugins/share-private-fls/shared"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"www.loja.consolata.pt"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832186/; classtype:trojan-activity;sid:83695286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832187)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"www.skytechtraders.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832187/; classtype:trojan-activity;sid:83695287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832188)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"contractnerds.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832188/; classtype:trojan-activity;sid:83695288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832189)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"cytotecsolutions.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832189/; classtype:trojan-activity;sid:83695289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832190)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"aavishkaar-palampur.org"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832190/; classtype:trojan-activity;sid:83695290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832191)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"especial.cargasproprias.org"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832191/; classtype:trojan-activity;sid:83695291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832192)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"coronacreatives.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832192/; classtype:trojan-activity;sid:83695292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832193)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"deadvogados.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832193/; classtype:trojan-activity;sid:83695293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832194)"; flow:established,from_client; content:"GET"; http_method; content:"/intuitionbycg/wp-content/plugins/share-private-fls/shared"; http_uri; depth:58; isdataat:!1,relative; nocase; content:"didacweb.xyz"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832194/; classtype:trojan-activity;sid:83695294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832195)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"dealerpertamini.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832195/; classtype:trojan-activity;sid:83695295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832196)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"dickypommini.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832196/; classtype:trojan-activity;sid:83695296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832197)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"99homes.co"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832197/; classtype:trojan-activity;sid:83695297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832198)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"delight.mv"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832198/; classtype:trojan-activity;sid:83695298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832199)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"dpmpommini.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832199/; classtype:trojan-activity;sid:83695299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832200)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared/|3f|check=true"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"brikule.cz"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832200/; classtype:trojan-activity;sid:83695300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832174)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"alealealpargatas.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832174/; classtype:trojan-activity;sid:83695274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832175)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"vridhifashions.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832175/; classtype:trojan-activity;sid:83695275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832176)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"abhitaak.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832176/; classtype:trojan-activity;sid:83695276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832173)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"azucania.com.ar"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832173/; classtype:trojan-activity;sid:83695273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832172)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"157.119.120.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832172/; classtype:trojan-activity;sid:83695272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832171)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-fls/shared"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"dsengineer.in"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832171/; classtype:trojan-activity;sid:83695271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832170)"; flow:established,from_client; content:"GET"; http_method; content:"/ceptics/wp-content/plugins/share-private-fls/shared"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"161.97.170.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832170/; classtype:trojan-activity;sid:83695270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832169)"; flow:established,from_client; content:"GET"; http_method; content:"/markaworks/wp-content/plugins/share-private-fls/shared"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"besparta.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832169/; classtype:trojan-activity;sid:83695269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832168)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.204.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832168/; classtype:trojan-activity;sid:83695268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832166)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.146.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832166/; classtype:trojan-activity;sid:83695266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832167)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.232.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832167/; classtype:trojan-activity;sid:83695267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832165)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.39.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832165/; classtype:trojan-activity;sid:83695265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832164)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.103.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832164/; classtype:trojan-activity;sid:83695264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832163)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.152.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832163/; classtype:trojan-activity;sid:83695263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832162)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.185.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832162/; classtype:trojan-activity;sid:83695262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832161)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.86.237.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832161/; classtype:trojan-activity;sid:83695261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832160)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.56.9.179"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832160/; classtype:trojan-activity;sid:83695260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832159)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"106.41.81.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832159/; classtype:trojan-activity;sid:83695259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832158)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.51.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832158/; classtype:trojan-activity;sid:83695258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832157)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.68.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832157/; classtype:trojan-activity;sid:83695257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832156)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.84.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832156/; classtype:trojan-activity;sid:83695256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832155)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.75.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832155/; classtype:trojan-activity;sid:83695255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832154)"; flow:established,from_client; content:"GET"; http_method; content:"/svchostmon.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"dcpanel.squezz.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832154/; classtype:trojan-activity;sid:83695254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832153)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.6.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832153/; classtype:trojan-activity;sid:83695253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832152)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.203.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832152/; classtype:trojan-activity;sid:83695252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832151)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.75.74.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832151/; classtype:trojan-activity;sid:83695251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832150)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.90.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832150/; classtype:trojan-activity;sid:83695250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832149)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.15.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832149/; classtype:trojan-activity;sid:83695249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832148)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.146.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832148/; classtype:trojan-activity;sid:83695248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832147)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.193.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832147/; classtype:trojan-activity;sid:83695247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832146)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.105.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832146/; classtype:trojan-activity;sid:83695246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832145)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.84.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832145/; classtype:trojan-activity;sid:83695245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832144)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.74.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832144/; classtype:trojan-activity;sid:83695244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832143)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.122.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832143/; classtype:trojan-activity;sid:83695243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832142)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.168.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832142/; classtype:trojan-activity;sid:83695242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832141)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.52.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832141/; classtype:trojan-activity;sid:83695241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832140)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.41.81.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832140/; classtype:trojan-activity;sid:83695240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832139)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.179.192.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832139/; classtype:trojan-activity;sid:83695239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832138)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.211.131.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832138/; classtype:trojan-activity;sid:83695238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832137)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.239.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832137/; classtype:trojan-activity;sid:83695237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832135)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.225.122.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832135/; classtype:trojan-activity;sid:83695235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832136)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.79.151.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832136/; classtype:trojan-activity;sid:83695236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832134)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.197.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832134/; classtype:trojan-activity;sid:83695234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832133)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.58.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832133/; classtype:trojan-activity;sid:83695233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832132)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.75.74.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832132/; classtype:trojan-activity;sid:83695232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832131)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.187.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832131/; classtype:trojan-activity;sid:83695231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832130)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.28.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832130/; classtype:trojan-activity;sid:83695230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832129)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.177.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832129/; classtype:trojan-activity;sid:83695229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832128)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.243.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832128/; classtype:trojan-activity;sid:83695228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832127)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.74.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832127/; classtype:trojan-activity;sid:83695227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832126)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.52.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832126/; classtype:trojan-activity;sid:83695226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832125)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.122.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832125/; classtype:trojan-activity;sid:83695225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832124)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.225.122.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832124/; classtype:trojan-activity;sid:83695224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832123)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.221.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832123/; classtype:trojan-activity;sid:83695223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832122)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.70.25.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832122/; classtype:trojan-activity;sid:83695222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832121)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.238.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832121/; classtype:trojan-activity;sid:83695221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832120)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.180.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832120/; classtype:trojan-activity;sid:83695220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832119)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.123.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832119/; classtype:trojan-activity;sid:83695219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832118)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.147.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832118/; classtype:trojan-activity;sid:83695218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832117)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.58.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832117/; classtype:trojan-activity;sid:83695217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832116)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.193.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832116/; classtype:trojan-activity;sid:83695216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832115)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.87.221.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832115/; classtype:trojan-activity;sid:83695215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832114)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.35.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832114/; classtype:trojan-activity;sid:83695214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832113)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.180.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832113/; classtype:trojan-activity;sid:83695213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832112)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.113.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832112/; classtype:trojan-activity;sid:83695212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832111)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.78.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832111/; classtype:trojan-activity;sid:83695211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832110)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.142.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832110/; classtype:trojan-activity;sid:83695210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832109)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.200.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832109/; classtype:trojan-activity;sid:83695209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832108)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.199.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832108/; classtype:trojan-activity;sid:83695208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832107)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.194.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832107/; classtype:trojan-activity;sid:83695207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832105)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.60.157.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832105/; classtype:trojan-activity;sid:83695205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832106)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.231.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832106/; classtype:trojan-activity;sid:83695206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832104)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.238.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832104/; classtype:trojan-activity;sid:83695204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832103)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.102.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832103/; classtype:trojan-activity;sid:83695203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832102)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.237.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832102/; classtype:trojan-activity;sid:83695202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832101)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.229.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832101/; classtype:trojan-activity;sid:83695201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832100)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.92.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832100/; classtype:trojan-activity;sid:83695200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832099)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.205.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832099/; classtype:trojan-activity;sid:83695199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832098)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.191.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832098/; classtype:trojan-activity;sid:83695198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832097)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.147.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832097/; classtype:trojan-activity;sid:83695197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832095)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.28.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832095/; classtype:trojan-activity;sid:83695195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832096)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.238.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832096/; classtype:trojan-activity;sid:83695196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832094)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.123.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832094/; classtype:trojan-activity;sid:83695194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832093)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.7.11"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832093/; classtype:trojan-activity;sid:83695193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832092)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.113.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832092/; classtype:trojan-activity;sid:83695192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832091)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.178.247.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832091/; classtype:trojan-activity;sid:83695191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832090)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.35.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832090/; classtype:trojan-activity;sid:83695190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832089)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.87.221.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832089/; classtype:trojan-activity;sid:83695189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832088)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.202.208.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832088/; classtype:trojan-activity;sid:83695188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832087)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.218.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832087/; classtype:trojan-activity;sid:83695187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832086)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.194.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832086/; classtype:trojan-activity;sid:83695186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832084)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.216.35.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832084/; classtype:trojan-activity;sid:83695184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832085)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.64.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832085/; classtype:trojan-activity;sid:83695185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832082)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.243.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832082/; classtype:trojan-activity;sid:83695182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832083)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.55.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832083/; classtype:trojan-activity;sid:83695183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832081)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.191.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832081/; classtype:trojan-activity;sid:83695181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832080)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.188.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832080/; classtype:trojan-activity;sid:83695180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832079)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.195.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832079/; classtype:trojan-activity;sid:83695179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832078)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.204.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832078/; classtype:trojan-activity;sid:83695178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832077)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.39.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832077/; classtype:trojan-activity;sid:83695177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832075)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.217.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832075/; classtype:trojan-activity;sid:83695175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832076)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.95.13.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832076/; classtype:trojan-activity;sid:83695176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832074)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.178.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832074/; classtype:trojan-activity;sid:83695174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832073)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.72.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832073/; classtype:trojan-activity;sid:83695173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832072)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.207.224.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832072/; classtype:trojan-activity;sid:83695172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832071)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.155.191.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832071/; classtype:trojan-activity;sid:83695171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832070)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.251.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832070/; classtype:trojan-activity;sid:83695170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832069)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.4.188"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832069/; classtype:trojan-activity;sid:83695169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832068)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.243.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832068/; classtype:trojan-activity;sid:83695168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832067)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.55.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832067/; classtype:trojan-activity;sid:83695167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832066)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.217.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832066/; classtype:trojan-activity;sid:83695166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832065)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.224.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832065/; classtype:trojan-activity;sid:83695165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832064)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.242.122.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832064/; classtype:trojan-activity;sid:83695164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832063)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.93.136"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832063/; classtype:trojan-activity;sid:83695163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832062)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.181.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832062/; classtype:trojan-activity;sid:83695162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832061)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.76.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832061/; classtype:trojan-activity;sid:83695161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832060)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.221.31.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832060/; classtype:trojan-activity;sid:83695160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832058)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.14.226.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832058/; classtype:trojan-activity;sid:83695158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832059)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.14.226.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832059/; classtype:trojan-activity;sid:83695159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832057)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.119.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832057/; classtype:trojan-activity;sid:83695157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832056)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.224.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832056/; classtype:trojan-activity;sid:83695156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832055)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.115.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832055/; classtype:trojan-activity;sid:83695155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832054)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.234.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832054/; classtype:trojan-activity;sid:83695154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832053)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.158.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832053/; classtype:trojan-activity;sid:83695153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832052)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.249.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832052/; classtype:trojan-activity;sid:83695152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832051)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.224.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832051/; classtype:trojan-activity;sid:83695151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832050)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.167.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832050/; classtype:trojan-activity;sid:83695150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832049)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.163.149.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832049/; classtype:trojan-activity;sid:83695149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832048)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.181.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832048/; classtype:trojan-activity;sid:83695148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832047)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.242.122.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832047/; classtype:trojan-activity;sid:83695147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832046)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.199.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832046/; classtype:trojan-activity;sid:83695146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832045)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.199.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832045/; classtype:trojan-activity;sid:83695145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832044)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.175.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832044/; classtype:trojan-activity;sid:83695144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832043)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.61.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832043/; classtype:trojan-activity;sid:83695143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832042)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.154.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832042/; classtype:trojan-activity;sid:83695142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832041)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.70.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832041/; classtype:trojan-activity;sid:83695141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832040)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.119.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832040/; classtype:trojan-activity;sid:83695140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832039)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.60.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832039/; classtype:trojan-activity;sid:83695139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832038)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.158.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832038/; classtype:trojan-activity;sid:83695138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832037)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.145.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832037/; classtype:trojan-activity;sid:83695137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832036)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.221.31.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832036/; classtype:trojan-activity;sid:83695136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832035)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.167.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832035/; classtype:trojan-activity;sid:83695135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832034)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.203.177.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832034/; classtype:trojan-activity;sid:83695134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832033)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.23.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832033/; classtype:trojan-activity;sid:83695133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832032)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.187.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832032/; classtype:trojan-activity;sid:83695132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832031)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.201.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832031/; classtype:trojan-activity;sid:83695131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832030)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.174.48.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832030/; classtype:trojan-activity;sid:83695130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832029)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.175.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832029/; classtype:trojan-activity;sid:83695129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832028)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.16.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832028/; classtype:trojan-activity;sid:83695128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832027)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.95.13.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832027/; classtype:trojan-activity;sid:83695127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832025)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.213.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832025/; classtype:trojan-activity;sid:83695125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832026)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.184.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832026/; classtype:trojan-activity;sid:83695126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832024)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.6.50.171"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832024/; classtype:trojan-activity;sid:83695124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832022)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/xmzccel54fxw"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"pasteio.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832022/; classtype:trojan-activity;sid:83695122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832023)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.237.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832023/; classtype:trojan-activity;sid:83695123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832021)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.63.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832021/; classtype:trojan-activity;sid:83695121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832020)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.111.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832020/; classtype:trojan-activity;sid:83695120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832019)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.135.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832019/; classtype:trojan-activity;sid:83695119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832018)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.1.20"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832018/; classtype:trojan-activity;sid:83695118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832017)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.187.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832017/; classtype:trojan-activity;sid:83695117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832016)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.61.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832016/; classtype:trojan-activity;sid:83695116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832014)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.145.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832014/; classtype:trojan-activity;sid:83695114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832015)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.6.50.171"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832015/; classtype:trojan-activity;sid:83695115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832013)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.201.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832013/; classtype:trojan-activity;sid:83695113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832012)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.23.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832012/; classtype:trojan-activity;sid:83695112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832011)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.7.11"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832011/; classtype:trojan-activity;sid:83695111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832010)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.213.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832010/; classtype:trojan-activity;sid:83695110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832009)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.238.41.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832009/; classtype:trojan-activity;sid:83695109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832007)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.190.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832007/; classtype:trojan-activity;sid:83695107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832008)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.26.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832008/; classtype:trojan-activity;sid:83695108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832006)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.191.137.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832006/; classtype:trojan-activity;sid:83695106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832005)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.219.63.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832005/; classtype:trojan-activity;sid:83695105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832003)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.90.56"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832003/; classtype:trojan-activity;sid:83695103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832004)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.59.85.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832004/; classtype:trojan-activity;sid:83695104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832002)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.199.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832002/; classtype:trojan-activity;sid:83695102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832001)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.82.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832001/; classtype:trojan-activity;sid:83695101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2832000)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.183.52.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2832000/; classtype:trojan-activity;sid:83695100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831999)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.69.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2831999/; classtype:trojan-activity;sid:83695099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831998)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.25.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2831998/; classtype:trojan-activity;sid:83695098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831997)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.9.104"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2831997/; classtype:trojan-activity;sid:83695097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831996)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.1.20"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2831996/; classtype:trojan-activity;sid:83695096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831995)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.232.29.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2831995/; classtype:trojan-activity;sid:83695095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831994)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.213.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2831994/; classtype:trojan-activity;sid:83695094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831993)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.218.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2831993/; classtype:trojan-activity;sid:83695093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831992)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.37.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2831992/; classtype:trojan-activity;sid:83695092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831991)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.21.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2831991/; classtype:trojan-activity;sid:83695091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831989)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.141.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2831989/; classtype:trojan-activity;sid:83695089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831990)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.252.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2831990/; classtype:trojan-activity;sid:83695090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831987)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.7.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2831987/; classtype:trojan-activity;sid:83695087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831988)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.185.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2831988/; classtype:trojan-activity;sid:83695088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831986)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.221.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2831986/; classtype:trojan-activity;sid:83695086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831985)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.7.126.231"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2831985/; classtype:trojan-activity;sid:83695085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831984)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.191.137.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2831984/; classtype:trojan-activity;sid:83695084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831983)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.249.111.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2831983/; classtype:trojan-activity;sid:83695083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831982)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.190.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2831982/; classtype:trojan-activity;sid:83695082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831981)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.25.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2831981/; classtype:trojan-activity;sid:83695081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831980)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.84.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2831980/; classtype:trojan-activity;sid:83695080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831979)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.197.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2831979/; classtype:trojan-activity;sid:83695079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831977)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.8.175"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2831977/; classtype:trojan-activity;sid:83695077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831978)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.254.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_30; reference:url, urlhaus.abuse.ch/url/2831978/; classtype:trojan-activity;sid:83695078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831976)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.27.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831976/; classtype:trojan-activity;sid:83695076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831975)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.249.111.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831975/; classtype:trojan-activity;sid:83695075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831974)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.214.3.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831974/; classtype:trojan-activity;sid:83695074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831973)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.185.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831973/; classtype:trojan-activity;sid:83695073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831972)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.136.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831972/; classtype:trojan-activity;sid:83695072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831971)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.26.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831971/; classtype:trojan-activity;sid:83695071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831970)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.7.126.231"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831970/; classtype:trojan-activity;sid:83695070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831968)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.112.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831968/; classtype:trojan-activity;sid:83695068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831969)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.221.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831969/; classtype:trojan-activity;sid:83695069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831967)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.207.75.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831967/; classtype:trojan-activity;sid:83695067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831966)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.170.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831966/; classtype:trojan-activity;sid:83695066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831965)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.14.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831965/; classtype:trojan-activity;sid:83695065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831964)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.92.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831964/; classtype:trojan-activity;sid:83695064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831963)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.59.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831963/; classtype:trojan-activity;sid:83695063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831962)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.112.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831962/; classtype:trojan-activity;sid:83695062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831961)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.30.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831961/; classtype:trojan-activity;sid:83695061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831960)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.8.175"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831960/; classtype:trojan-activity;sid:83695060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831959)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.151.75.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831959/; classtype:trojan-activity;sid:83695059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831958)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.214.9.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831958/; classtype:trojan-activity;sid:83695058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831957)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.59.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831957/; classtype:trojan-activity;sid:83695057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831956)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.178.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831956/; classtype:trojan-activity;sid:83695056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831955)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.243.181.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831955/; classtype:trojan-activity;sid:83695055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831953)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.106.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831953/; classtype:trojan-activity;sid:83695053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831954)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.191.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831954/; classtype:trojan-activity;sid:83695054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831952)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.225.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831952/; classtype:trojan-activity;sid:83695052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831951)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.92.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831951/; classtype:trojan-activity;sid:83695051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831950)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.170.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831950/; classtype:trojan-activity;sid:83695050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831949)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.75.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831949/; classtype:trojan-activity;sid:83695049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831948)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.92.82.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831948/; classtype:trojan-activity;sid:83695048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831947)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.14.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831947/; classtype:trojan-activity;sid:83695047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831946)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.30.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831946/; classtype:trojan-activity;sid:83695046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831945)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.9.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831945/; classtype:trojan-activity;sid:83695045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831944)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.59.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831944/; classtype:trojan-activity;sid:83695044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831943)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"171.221.58.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831943/; classtype:trojan-activity;sid:83695043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831942)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.225.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831942/; classtype:trojan-activity;sid:83695042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831941)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.198.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831941/; classtype:trojan-activity;sid:83695041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831940)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.181.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831940/; classtype:trojan-activity;sid:83695040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831939)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.199.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831939/; classtype:trojan-activity;sid:83695039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831938)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.42.6"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831938/; classtype:trojan-activity;sid:83695038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831937)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.7.223.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831937/; classtype:trojan-activity;sid:83695037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831936)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.53.37.47"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831936/; classtype:trojan-activity;sid:83695036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831935)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.131.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831935/; classtype:trojan-activity;sid:83695035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831933)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.204.192.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831933/; classtype:trojan-activity;sid:83695033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831934)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.106.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831934/; classtype:trojan-activity;sid:83695034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831932)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.59.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831932/; classtype:trojan-activity;sid:83695032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831930)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.177.215.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831930/; classtype:trojan-activity;sid:83695030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831931)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.183.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831931/; classtype:trojan-activity;sid:83695031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831929)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.66.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831929/; classtype:trojan-activity;sid:83695029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831928)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.45.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831928/; classtype:trojan-activity;sid:83695028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831927)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.56.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831927/; classtype:trojan-activity;sid:83695027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831926)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.42.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831926/; classtype:trojan-activity;sid:83695026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831925)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/xrzikuwcyozy"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"pasteio.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831925/; classtype:trojan-activity;sid:83695025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831924)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.86.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831924/; classtype:trojan-activity;sid:83695024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831922)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.172.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831922/; classtype:trojan-activity;sid:83695022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831923)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.250.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831923/; classtype:trojan-activity;sid:83695023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831921)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.7.206.161"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831921/; classtype:trojan-activity;sid:83695021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831920)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.201.88.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831920/; classtype:trojan-activity;sid:83695020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831919)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.204.192.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831919/; classtype:trojan-activity;sid:83695019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831917)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.56.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831917/; classtype:trojan-activity;sid:83695017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831918)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.126.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831918/; classtype:trojan-activity;sid:83695018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831916)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.183.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831916/; classtype:trojan-activity;sid:83695016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831915)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.43.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831915/; classtype:trojan-activity;sid:83695015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831914)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.183.56.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831914/; classtype:trojan-activity;sid:83695014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831912)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.93.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831912/; classtype:trojan-activity;sid:83695012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831913)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.186.40.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831913/; classtype:trojan-activity;sid:83695013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831911)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.40.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831911/; classtype:trojan-activity;sid:83695011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831910)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.111.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831910/; classtype:trojan-activity;sid:83695010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831908)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.206.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831908/; classtype:trojan-activity;sid:83695008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831909)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.248.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831909/; classtype:trojan-activity;sid:83695009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831907)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.214.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831907/; classtype:trojan-activity;sid:83695007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831906)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.103.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831906/; classtype:trojan-activity;sid:83695006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831904)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.221.58.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831904/; classtype:trojan-activity;sid:83695004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831905)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.90.56"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831905/; classtype:trojan-activity;sid:83695005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831903)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.250.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831903/; classtype:trojan-activity;sid:83695003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831902)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.202.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831902/; classtype:trojan-activity;sid:83695002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831901)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.156.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831901/; classtype:trojan-activity;sid:83695001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831900)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.210.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831900/; classtype:trojan-activity;sid:83695000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831899)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.223.230.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831899/; classtype:trojan-activity;sid:83694999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831898)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.71.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831898/; classtype:trojan-activity;sid:83694998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831897)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.173.77.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831897/; classtype:trojan-activity;sid:83694997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831896)"; flow:established,from_client; content:"GET"; http_method; content:"/doc5294803_669109419|3f|hash=jkpo6xknggloev5w3rmyvyipbkbz4iqzfc2nqtv2wsw|7c|26|7c|dl=z0cbj6cbwdg5wajzxjczzirvaqbpjzspnaeuizzfcp0|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831896/; classtype:trojan-activity;sid:83694996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831895)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.170.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831895/; classtype:trojan-activity;sid:83694995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831894)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.248.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831894/; classtype:trojan-activity;sid:83694994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831893)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.192.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831893/; classtype:trojan-activity;sid:83694993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831892)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.126.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831892/; classtype:trojan-activity;sid:83694992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831891)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.163.249.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831891/; classtype:trojan-activity;sid:83694991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831889)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.227.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831889/; classtype:trojan-activity;sid:83694989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831890)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.253.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831890/; classtype:trojan-activity;sid:83694990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831888)"; flow:established,from_client; content:"GET"; http_method; content:"/bim.msi"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.219.220.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831888/; classtype:trojan-activity;sid:83694988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831887)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/case-419310.appspot.com/o/czczc1lrbt%2fdocument_b48_15w635167-5740247h6548-3238a9.js|3f|alt=media|7c|26|7c|token=f0362973-0cf1-48c9-ae4c-8745ccf5e867"; http_uri; depth:155; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831887/; classtype:trojan-activity;sid:83694987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831886)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.206.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831886/; classtype:trojan-activity;sid:83694986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831885)"; flow:established,from_client; content:"GET"; http_method; content:"/security_check/"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"dimozti1.org"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831885/; classtype:trojan-activity;sid:83694985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831884)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.103.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831884/; classtype:trojan-activity;sid:83694984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831883)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.214.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831883/; classtype:trojan-activity;sid:83694983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831882)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.253.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831882/; classtype:trojan-activity;sid:83694982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831881)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.237.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831881/; classtype:trojan-activity;sid:83694981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831880)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.73.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831880/; classtype:trojan-activity;sid:83694980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831879)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.90.56"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831879/; classtype:trojan-activity;sid:83694979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831877)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.191.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831877/; classtype:trojan-activity;sid:83694977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831878)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.173.77.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831878/; classtype:trojan-activity;sid:83694978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831876)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.204.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831876/; classtype:trojan-activity;sid:83694976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831875)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.204.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831875/; classtype:trojan-activity;sid:83694975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831874)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.108.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831874/; classtype:trojan-activity;sid:83694974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831871)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.99.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831871/; classtype:trojan-activity;sid:83694971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831872)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.254.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831872/; classtype:trojan-activity;sid:83694972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831873)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.238.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831873/; classtype:trojan-activity;sid:83694973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831870)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.71.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831870/; classtype:trojan-activity;sid:83694970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831869)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.112.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831869/; classtype:trojan-activity;sid:83694969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831868)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.223.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831868/; classtype:trojan-activity;sid:83694968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831867)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.78.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831867/; classtype:trojan-activity;sid:83694967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831866)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.7.11"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831866/; classtype:trojan-activity;sid:83694966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831865)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.57.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831865/; classtype:trojan-activity;sid:83694965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831864)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.145.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831864/; classtype:trojan-activity;sid:83694964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831863)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.246.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831863/; classtype:trojan-activity;sid:83694963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831862)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.197.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831862/; classtype:trojan-activity;sid:83694962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831861)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.90.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831861/; classtype:trojan-activity;sid:83694961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831860)"; flow:established,from_client; content:"GET"; http_method; content:"/img/logo6.jpg"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"public-ftp.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831860/; classtype:trojan-activity;sid:83694960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831859)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.73.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831859/; classtype:trojan-activity;sid:83694959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831857)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.112.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831857/; classtype:trojan-activity;sid:83694957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831858)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.57.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831858/; classtype:trojan-activity;sid:83694958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831856)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.223.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831856/; classtype:trojan-activity;sid:83694956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831855)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/xd6wlcrxanep"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"pasteio.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831855/; classtype:trojan-activity;sid:83694955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831854)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.204.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831854/; classtype:trojan-activity;sid:83694954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831853)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.130.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831853/; classtype:trojan-activity;sid:83694953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831852)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.95.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831852/; classtype:trojan-activity;sid:83694952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831851)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.230.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831851/; classtype:trojan-activity;sid:83694951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831850)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.21.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831850/; classtype:trojan-activity;sid:83694950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831849)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.78.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831849/; classtype:trojan-activity;sid:83694949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831848)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.37.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831848/; classtype:trojan-activity;sid:83694948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831847)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.135.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831847/; classtype:trojan-activity;sid:83694947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831846)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.55.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831846/; classtype:trojan-activity;sid:83694946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831845)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.4.69"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831845/; classtype:trojan-activity;sid:83694945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831844)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.23.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831844/; classtype:trojan-activity;sid:83694944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831843)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.13.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831843/; classtype:trojan-activity;sid:83694943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831842)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.24.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831842/; classtype:trojan-activity;sid:83694942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831841)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.57.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831841/; classtype:trojan-activity;sid:83694941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831839)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.21.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831839/; classtype:trojan-activity;sid:83694939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831840)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.246.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831840/; classtype:trojan-activity;sid:83694940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831838)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.52.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831838/; classtype:trojan-activity;sid:83694938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831836)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.69.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831836/; classtype:trojan-activity;sid:83694936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831837)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.21.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831837/; classtype:trojan-activity;sid:83694937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831835)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.116.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831835/; classtype:trojan-activity;sid:83694935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831834)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.37.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831834/; classtype:trojan-activity;sid:83694934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831833)"; flow:established,from_client; content:"GET"; http_method; content:"/doc5294803_669113456|3f|hash=6yrwjw1heh3fdlwimzipwes3t1dk7vemcaw6wy6bn98|7c|26|7c|dl=coo8elmzqzej3ikrsoh3pizceq2ixszxa0dh1c3z72x|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831833/; classtype:trojan-activity;sid:83694933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831832)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.45.52"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831832/; classtype:trojan-activity;sid:83694932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831831)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.125.121.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831831/; classtype:trojan-activity;sid:83694931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831830)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.69.4.196"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831830/; classtype:trojan-activity;sid:83694930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831829)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.30.107"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831829/; classtype:trojan-activity;sid:83694929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831828)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.24.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831828/; classtype:trojan-activity;sid:83694928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831827)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.21.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831827/; classtype:trojan-activity;sid:83694927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831826)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.243.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831826/; classtype:trojan-activity;sid:83694926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831825)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.189.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831825/; classtype:trojan-activity;sid:83694925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831824)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.136.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831824/; classtype:trojan-activity;sid:83694924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831823)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.69.158.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831823/; classtype:trojan-activity;sid:83694923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831822)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.71.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831822/; classtype:trojan-activity;sid:83694922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831821)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.69.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831821/; classtype:trojan-activity;sid:83694921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831820)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.164.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831820/; classtype:trojan-activity;sid:83694920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831819)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.220.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831819/; classtype:trojan-activity;sid:83694919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831818)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.204.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831818/; classtype:trojan-activity;sid:83694918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831817)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.193.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831817/; classtype:trojan-activity;sid:83694917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831816)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.45.52"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831816/; classtype:trojan-activity;sid:83694916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831815)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.193.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831815/; classtype:trojan-activity;sid:83694915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831814)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.11.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831814/; classtype:trojan-activity;sid:83694914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831813)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.111.43.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831813/; classtype:trojan-activity;sid:83694913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831812)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.125.121.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831812/; classtype:trojan-activity;sid:83694912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831811)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.135.72.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831811/; classtype:trojan-activity;sid:83694911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831810)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.94.97"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831810/; classtype:trojan-activity;sid:83694910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831809)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.183.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831809/; classtype:trojan-activity;sid:83694909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831808)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.64.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831808/; classtype:trojan-activity;sid:83694908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831807)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.167.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831807/; classtype:trojan-activity;sid:83694907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831806)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.189.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831806/; classtype:trojan-activity;sid:83694906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831804)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.202.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831804/; classtype:trojan-activity;sid:83694904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831805)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.148.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831805/; classtype:trojan-activity;sid:83694905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831803)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.220.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831803/; classtype:trojan-activity;sid:83694903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831802)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.238.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831802/; classtype:trojan-activity;sid:83694902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831801)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.207.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831801/; classtype:trojan-activity;sid:83694901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831800)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.176.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831800/; classtype:trojan-activity;sid:83694900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831799)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.212.50.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831799/; classtype:trojan-activity;sid:83694899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831798)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.246.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831798/; classtype:trojan-activity;sid:83694898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831797)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.58.212.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831797/; classtype:trojan-activity;sid:83694897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831795)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cecilio.pro"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831795/; classtype:trojan-activity;sid:83694895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831796)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.26.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831796/; classtype:trojan-activity;sid:83694896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831794)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.136.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831794/; classtype:trojan-activity;sid:83694894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831793)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.135.72.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831793/; classtype:trojan-activity;sid:83694893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831792)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.11.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831792/; classtype:trojan-activity;sid:83694892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831789)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"cecilio.pro"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831789/; classtype:trojan-activity;sid:83694889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831790)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cecilio.pro"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831790/; classtype:trojan-activity;sid:83694890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831791)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cecilio.pro"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831791/; classtype:trojan-activity;sid:83694891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831787)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"cecilio.pro"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831787/; classtype:trojan-activity;sid:83694887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831788)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cecilio.pro"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831788/; classtype:trojan-activity;sid:83694888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831780)"; flow:established,from_client; content:"GET"; http_method; content:"/linksys"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"cecilio.pro"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831780/; classtype:trojan-activity;sid:83694880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831781)"; flow:established,from_client; content:"GET"; http_method; content:"/gocl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cecilio.pro"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831781/; classtype:trojan-activity;sid:83694881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831782)"; flow:established,from_client; content:"GET"; http_method; content:"/li"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"cecilio.pro"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831782/; classtype:trojan-activity;sid:83694882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831783)"; flow:established,from_client; content:"GET"; http_method; content:"/irz"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"cecilio.pro"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831783/; classtype:trojan-activity;sid:83694883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831784)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cecilio.pro"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831784/; classtype:trojan-activity;sid:83694884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831785)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"cecilio.pro"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831785/; classtype:trojan-activity;sid:83694885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831786)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cecilio.pro"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831786/; classtype:trojan-activity;sid:83694886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831775)"; flow:established,from_client; content:"GET"; http_method; content:"/jaws"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cecilio.pro"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831775/; classtype:trojan-activity;sid:83694875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831776)"; flow:established,from_client; content:"GET"; http_method; content:"/d.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cecilio.pro"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831776/; classtype:trojan-activity;sid:83694876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831777)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cecilio.pro"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831777/; classtype:trojan-activity;sid:83694877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831778)"; flow:established,from_client; content:"GET"; http_method; content:"/weed"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cecilio.pro"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831778/; classtype:trojan-activity;sid:83694878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831779)"; flow:established,from_client; content:"GET"; http_method; content:"/k.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cecilio.pro"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831779/; classtype:trojan-activity;sid:83694879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831772)"; flow:established,from_client; content:"GET"; http_method; content:"/bx"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"cecilio.pro"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831772/; classtype:trojan-activity;sid:83694872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831773)"; flow:established,from_client; content:"GET"; http_method; content:"/z.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cecilio.pro"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831773/; classtype:trojan-activity;sid:83694873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831774)"; flow:established,from_client; content:"GET"; http_method; content:"/ipc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"cecilio.pro"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831774/; classtype:trojan-activity;sid:83694874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831769)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mirai-nro.space"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831769/; classtype:trojan-activity;sid:83694869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831770)"; flow:established,from_client; content:"GET"; http_method; content:"/tajma.x86_64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"mirai-nro.space"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831770/; classtype:trojan-activity;sid:83694870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831771)"; flow:established,from_client; content:"GET"; http_method; content:"/tajma.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mirai-nro.space"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831771/; classtype:trojan-activity;sid:83694871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831765)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mirai-nro.space"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831765/; classtype:trojan-activity;sid:83694865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831766)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"mirai-nro.space"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831766/; classtype:trojan-activity;sid:83694866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831767)"; flow:established,from_client; content:"GET"; http_method; content:"/tajma.arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mirai-nro.space"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831767/; classtype:trojan-activity;sid:83694867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831768)"; flow:established,from_client; content:"GET"; http_method; content:"/tajma.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"mirai-nro.space"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831768/; classtype:trojan-activity;sid:83694868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831764)"; flow:established,from_client; content:"GET"; http_method; content:"/tajma.arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mirai-nro.space"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831764/; classtype:trojan-activity;sid:83694864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831761)"; flow:established,from_client; content:"GET"; http_method; content:"/tajma.mpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mirai-nro.space"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831761/; classtype:trojan-activity;sid:83694861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831762)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"mirai-nro.space"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831762/; classtype:trojan-activity;sid:83694862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831763)"; flow:established,from_client; content:"GET"; http_method; content:"/tajma.arm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"mirai-nro.space"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831763/; classtype:trojan-activity;sid:83694863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831757)"; flow:established,from_client; content:"GET"; http_method; content:"/tajma.spc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"mirai-nro.space"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831757/; classtype:trojan-activity;sid:83694857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831758)"; flow:established,from_client; content:"GET"; http_method; content:"/tajma.ppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"mirai-nro.space"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831758/; classtype:trojan-activity;sid:83694858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831759)"; flow:established,from_client; content:"GET"; http_method; content:"/huhu.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mirai-nro.space"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831759/; classtype:trojan-activity;sid:83694859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831760)"; flow:established,from_client; content:"GET"; http_method; content:"/tajma.m68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mirai-nro.space"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831760/; classtype:trojan-activity;sid:83694860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831755)"; flow:established,from_client; content:"GET"; http_method; content:"/tajma.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mirai-nro.space"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831755/; classtype:trojan-activity;sid:83694855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831756)"; flow:established,from_client; content:"GET"; http_method; content:"/tajma.sh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"mirai-nro.space"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831756/; classtype:trojan-activity;sid:83694856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831752)"; flow:established,from_client; content:"GET"; http_method; content:"/adb2.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mirai-nro.space"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831752/; classtype:trojan-activity;sid:83694852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831753)"; flow:established,from_client; content:"GET"; http_method; content:"/adb3.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mirai-nro.space"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831753/; classtype:trojan-activity;sid:83694853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831754)"; flow:established,from_client; content:"GET"; http_method; content:"/adb1.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"mirai-nro.space"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831754/; classtype:trojan-activity;sid:83694854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831750)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.112.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831750/; classtype:trojan-activity;sid:83694850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831751)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.68.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831751/; classtype:trojan-activity;sid:83694851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831749)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.34.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831749/; classtype:trojan-activity;sid:83694849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831748)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.202.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831748/; classtype:trojan-activity;sid:83694848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831747)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.176.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831747/; classtype:trojan-activity;sid:83694847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831746)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.148.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831746/; classtype:trojan-activity;sid:83694846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831741)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.156.79.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831741/; classtype:trojan-activity;sid:83694841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831742)"; flow:established,from_client; content:"GET"; http_method; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.m68k"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"94.156.79.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831742/; classtype:trojan-activity;sid:83694842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831743)"; flow:established,from_client; content:"GET"; http_method; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.arm5"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"94.156.79.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831743/; classtype:trojan-activity;sid:83694843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831744)"; flow:established,from_client; content:"GET"; http_method; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.arm6"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"94.156.79.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831744/; classtype:trojan-activity;sid:83694844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831745)"; flow:established,from_client; content:"GET"; http_method; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.mips"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"94.156.79.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831745/; classtype:trojan-activity;sid:83694845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831737)"; flow:established,from_client; content:"GET"; http_method; content:"/l"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.156.79.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831737/; classtype:trojan-activity;sid:83694837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831738)"; flow:established,from_client; content:"GET"; http_method; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.i586"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"94.156.79.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831738/; classtype:trojan-activity;sid:83694838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831739)"; flow:established,from_client; content:"GET"; http_method; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.arm7"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"94.156.79.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831739/; classtype:trojan-activity;sid:83694839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831740)"; flow:established,from_client; content:"GET"; http_method; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.i486"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"94.156.79.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831740/; classtype:trojan-activity;sid:83694840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831731)"; flow:established,from_client; content:"GET"; http_method; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.sh4"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"94.156.79.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831731/; classtype:trojan-activity;sid:83694831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831732)"; flow:established,from_client; content:"GET"; http_method; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.arc"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"94.156.79.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831732/; classtype:trojan-activity;sid:83694832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831733)"; flow:established,from_client; content:"GET"; http_method; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.mpsl"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"94.156.79.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831733/; classtype:trojan-activity;sid:83694833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831734)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.156.79.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831734/; classtype:trojan-activity;sid:83694834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831735)"; flow:established,from_client; content:"GET"; http_method; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.i686"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"94.156.79.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831735/; classtype:trojan-activity;sid:83694835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831736)"; flow:established,from_client; content:"GET"; http_method; content:"/update.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.79.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831736/; classtype:trojan-activity;sid:83694836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831727)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/kowai.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"94.156.79.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831727/; classtype:trojan-activity;sid:83694827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831728)"; flow:established,from_client; content:"GET"; http_method; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.ppc"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"94.156.79.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831728/; classtype:trojan-activity;sid:83694828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831729)"; flow:established,from_client; content:"GET"; http_method; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.spc"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"94.156.79.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831729/; classtype:trojan-activity;sid:83694829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831730)"; flow:established,from_client; content:"GET"; http_method; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.arm4"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"94.156.79.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831730/; classtype:trojan-activity;sid:83694830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831725)"; flow:established,from_client; content:"GET"; http_method; content:"/adb.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.156.79.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831725/; classtype:trojan-activity;sid:83694825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831726)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.156.79.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831726/; classtype:trojan-activity;sid:83694826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831724)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.156.79.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831724/; classtype:trojan-activity;sid:83694824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831723)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.194.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831723/; classtype:trojan-activity;sid:83694823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831722)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.26.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831722/; classtype:trojan-activity;sid:83694822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831697)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.mips"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cnc.voidnet.click"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831697/; classtype:trojan-activity;sid:83694797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831698)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.sh4"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cnc.voidnet.click"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831698/; classtype:trojan-activity;sid:83694798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831699)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.spc"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cnc.voidnet.click"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831699/; classtype:trojan-activity;sid:83694799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831700)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.spc"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"boats.voidnet.click"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831700/; classtype:trojan-activity;sid:83694800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831701)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.sh4"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"boats.voidnet.click"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831701/; classtype:trojan-activity;sid:83694801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831702)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.m68k"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"boats.voidnet.click"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831702/; classtype:trojan-activity;sid:83694802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831703)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.mips"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"boats.voidnet.click"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831703/; classtype:trojan-activity;sid:83694803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831704)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.m68k"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cnc.voidnet.click"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831704/; classtype:trojan-activity;sid:83694804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831705)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.ppc"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cnc.voidnet.click"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831705/; classtype:trojan-activity;sid:83694805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831706)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.x86_64"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"cnc.voidnet.click"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831706/; classtype:trojan-activity;sid:83694806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831707)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.i686"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"boats.voidnet.click"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831707/; classtype:trojan-activity;sid:83694807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831708)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.dbg"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cnc.voidnet.click"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831708/; classtype:trojan-activity;sid:83694808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831709)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.x86"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"boats.voidnet.click"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831709/; classtype:trojan-activity;sid:83694809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831710)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.arm7"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"boats.voidnet.click"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831710/; classtype:trojan-activity;sid:83694810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831711)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.arm6"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"boats.voidnet.click"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831711/; classtype:trojan-activity;sid:83694811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831712)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.arm7"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cnc.voidnet.click"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831712/; classtype:trojan-activity;sid:83694812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831713)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.i686"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cnc.voidnet.click"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831713/; classtype:trojan-activity;sid:83694813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831714)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.arm5"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"boats.voidnet.click"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831714/; classtype:trojan-activity;sid:83694814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831715)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.x86"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cnc.voidnet.click"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831715/; classtype:trojan-activity;sid:83694815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831716)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.mpsl"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cnc.voidnet.click"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831716/; classtype:trojan-activity;sid:83694816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831717)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.mpsl"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"boats.voidnet.click"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831717/; classtype:trojan-activity;sid:83694817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831718)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.x86_64"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"boats.voidnet.click"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831718/; classtype:trojan-activity;sid:83694818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831719)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.ppc"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"boats.voidnet.click"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831719/; classtype:trojan-activity;sid:83694819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831720)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.dbg"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"boats.voidnet.click"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831720/; classtype:trojan-activity;sid:83694820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831721)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.arm4"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"boats.voidnet.click"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831721/; classtype:trojan-activity;sid:83694821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831696)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.58.212.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831696/; classtype:trojan-activity;sid:83694796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831695)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.119.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831695/; classtype:trojan-activity;sid:83694795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831692)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.arm4"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cnc.voidnet.click"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831692/; classtype:trojan-activity;sid:83694792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831693)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.arm5"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cnc.voidnet.click"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831693/; classtype:trojan-activity;sid:83694793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831694)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.arm6"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"cnc.voidnet.click"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831694/; classtype:trojan-activity;sid:83694794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831687)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"94.156.79.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831687/; classtype:trojan-activity;sid:83694787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831688)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"94.156.79.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831688/; classtype:trojan-activity;sid:83694788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831689)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"94.156.79.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831689/; classtype:trojan-activity;sid:83694789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831690)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"94.156.79.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831690/; classtype:trojan-activity;sid:83694790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831691)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"94.156.79.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831691/; classtype:trojan-activity;sid:83694791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831686)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.177.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831686/; classtype:trojan-activity;sid:83694786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831660)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.ppc"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"94.156.79.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831660/; classtype:trojan-activity;sid:83694760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831661)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.x86_64"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"94.156.79.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831661/; classtype:trojan-activity;sid:83694761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831662)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.79.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831662/; classtype:trojan-activity;sid:83694762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831663)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.79.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831663/; classtype:trojan-activity;sid:83694763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831664)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.79.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831664/; classtype:trojan-activity;sid:83694764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831665)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.i686"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.79.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831665/; classtype:trojan-activity;sid:83694765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831666)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"94.156.79.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831666/; classtype:trojan-activity;sid:83694766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831667)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.mpsl"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"94.156.79.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831667/; classtype:trojan-activity;sid:83694767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831668)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.i686"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"94.156.79.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831668/; classtype:trojan-activity;sid:83694768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831669)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.sh4"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"94.156.79.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831669/; classtype:trojan-activity;sid:83694769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831670)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.156.79.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831670/; classtype:trojan-activity;sid:83694770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831671)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.156.79.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831671/; classtype:trojan-activity;sid:83694771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831672)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.79.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831672/; classtype:trojan-activity;sid:83694772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831673)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.79.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831673/; classtype:trojan-activity;sid:83694773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831674)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.mips"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"94.156.79.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831674/; classtype:trojan-activity;sid:83694774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831675)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.arm5"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"94.156.79.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831675/; classtype:trojan-activity;sid:83694775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831676)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.arm7"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"94.156.79.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831676/; classtype:trojan-activity;sid:83694776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831677)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.79.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831677/; classtype:trojan-activity;sid:83694777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831678)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.arm6"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"94.156.79.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831678/; classtype:trojan-activity;sid:83694778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831679)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.arm4"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"94.156.79.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831679/; classtype:trojan-activity;sid:83694779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831680)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.156.79.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831680/; classtype:trojan-activity;sid:83694780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831681)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.dbg"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"94.156.79.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831681/; classtype:trojan-activity;sid:83694781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831682)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.m68k"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"94.156.79.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831682/; classtype:trojan-activity;sid:83694782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831683)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.x86"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"94.156.79.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831683/; classtype:trojan-activity;sid:83694783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831684)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.spc"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"94.156.79.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831684/; classtype:trojan-activity;sid:83694784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831685)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.156.79.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831685/; classtype:trojan-activity;sid:83694785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831659)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.96.150.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831659/; classtype:trojan-activity;sid:83694759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831658)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.149.165.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831658/; classtype:trojan-activity;sid:83694758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831657)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.28.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831657/; classtype:trojan-activity;sid:83694757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831656)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.133.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831656/; classtype:trojan-activity;sid:83694756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831655)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.94.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831655/; classtype:trojan-activity;sid:83694755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831654)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.238.41.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831654/; classtype:trojan-activity;sid:83694754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831653)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.149.165.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831653/; classtype:trojan-activity;sid:83694753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831652)"; flow:established,from_client; content:"GET"; http_method; content:"/doc5294803_669111129|3f|hash=iwzokqelmv3ogyzmeekrk1bzticbrpuhi5t5eocklv8|7c|26|7c|dl=ztafjhth6rhq8ra5lngbsyppgf1zltgdtitszv4nmb8|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831652/; classtype:trojan-activity;sid:83694752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831651)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.198.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831651/; classtype:trojan-activity;sid:83694751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831644)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"raw.mezo-api.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831644/; classtype:trojan-activity;sid:83694744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831645)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"raw.mezo-api.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831645/; classtype:trojan-activity;sid:83694745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831646)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"raw.mezo-api.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831646/; classtype:trojan-activity;sid:83694746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831647)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.i686"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"raw.mezo-api.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831647/; classtype:trojan-activity;sid:83694747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831648)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"raw.mezo-api.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831648/; classtype:trojan-activity;sid:83694748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831649)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"raw.mezo-api.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831649/; classtype:trojan-activity;sid:83694749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831650)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"raw.mezo-api.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831650/; classtype:trojan-activity;sid:83694750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831642)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"raw.mezo-api.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831642/; classtype:trojan-activity;sid:83694742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831643)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.x86_64"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"raw.mezo-api.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831643/; classtype:trojan-activity;sid:83694743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831639)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"raw.mezo-api.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831639/; classtype:trojan-activity;sid:83694739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831640)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"raw.mezo-api.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831640/; classtype:trojan-activity;sid:83694740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831641)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"raw.mezo-api.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831641/; classtype:trojan-activity;sid:83694741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831636)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"raw.mezo-api.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831636/; classtype:trojan-activity;sid:83694736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831637)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"raw.mezo-api.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831637/; classtype:trojan-activity;sid:83694737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831638)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"raw.mezo-api.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831638/; classtype:trojan-activity;sid:83694738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831635)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/photo.scr"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"raw.mezo-api.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831635/; classtype:trojan-activity;sid:83694735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831629)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.arm5"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"raw.mezo-api.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831629/; classtype:trojan-activity;sid:83694729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831630)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.dbg"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"raw.mezo-api.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831630/; classtype:trojan-activity;sid:83694730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831631)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.i686"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"raw.mezo-api.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831631/; classtype:trojan-activity;sid:83694731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831632)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.mips"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"raw.mezo-api.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831632/; classtype:trojan-activity;sid:83694732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831633)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.arm7"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"raw.mezo-api.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831633/; classtype:trojan-activity;sid:83694733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831634)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.x86"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"raw.mezo-api.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831634/; classtype:trojan-activity;sid:83694734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831628)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.arm4"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"raw.mezo-api.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831628/; classtype:trojan-activity;sid:83694728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831627)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.arm6"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"raw.mezo-api.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831627/; classtype:trojan-activity;sid:83694727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831622)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.m68k"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"raw.mezo-api.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831622/; classtype:trojan-activity;sid:83694722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831623)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.ppc"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"raw.mezo-api.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831623/; classtype:trojan-activity;sid:83694723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831624)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.mpsl"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"raw.mezo-api.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831624/; classtype:trojan-activity;sid:83694724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831625)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.spc"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"raw.mezo-api.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831625/; classtype:trojan-activity;sid:83694725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831626)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.sh4"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"raw.mezo-api.xyz"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831626/; classtype:trojan-activity;sid:83694726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831621)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.4.242"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831621/; classtype:trojan-activity;sid:83694721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831620)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.197.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831620/; classtype:trojan-activity;sid:83694720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831618)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.61.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831618/; classtype:trojan-activity;sid:83694718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831619)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.232.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831619/; classtype:trojan-activity;sid:83694719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831614)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.13.227.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831614/; classtype:trojan-activity;sid:83694714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831615)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.13.227.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831615/; classtype:trojan-activity;sid:83694715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831616)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.i686"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.13.227.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831616/; classtype:trojan-activity;sid:83694716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831617)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.13.227.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831617/; classtype:trojan-activity;sid:83694717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831612)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.189.245.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831612/; classtype:trojan-activity;sid:83694712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831613)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.13.227.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831613/; classtype:trojan-activity;sid:83694713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831608)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.13.227.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831608/; classtype:trojan-activity;sid:83694708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831609)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.13.227.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831609/; classtype:trojan-activity;sid:83694709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831610)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.13.227.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831610/; classtype:trojan-activity;sid:83694710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831611)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.13.227.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831611/; classtype:trojan-activity;sid:83694711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831605)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.13.227.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831605/; classtype:trojan-activity;sid:83694705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831606)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.13.227.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831606/; classtype:trojan-activity;sid:83694706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831607)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.13.227.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831607/; classtype:trojan-activity;sid:83694707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831604)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.13.227.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831604/; classtype:trojan-activity;sid:83694704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831603)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.mipsel"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.13.227.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831603/; classtype:trojan-activity;sid:83694703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831602)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/photo.scr"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.13.227.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831602/; classtype:trojan-activity;sid:83694702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831597)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.arm4"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.13.227.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831597/; classtype:trojan-activity;sid:83694697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831598)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.dbg"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.13.227.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831598/; classtype:trojan-activity;sid:83694698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831599)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.arm7"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.13.227.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831599/; classtype:trojan-activity;sid:83694699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831600)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.mips"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.13.227.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831600/; classtype:trojan-activity;sid:83694700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831601)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.i686"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.13.227.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831601/; classtype:trojan-activity;sid:83694701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831595)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.spc"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.13.227.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831595/; classtype:trojan-activity;sid:83694695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831596)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.ppc"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.13.227.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831596/; classtype:trojan-activity;sid:83694696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831590)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.x86_64"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"45.13.227.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831590/; classtype:trojan-activity;sid:83694690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831591)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.arm5"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.13.227.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831591/; classtype:trojan-activity;sid:83694691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831592)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.mpsl"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.13.227.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831592/; classtype:trojan-activity;sid:83694692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831593)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.x86"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.13.227.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831593/; classtype:trojan-activity;sid:83694693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831594)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.m68k"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.13.227.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831594/; classtype:trojan-activity;sid:83694694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831587)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/av.scr"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"45.13.227.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831587/; classtype:trojan-activity;sid:83694687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831588)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.arm6"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"45.13.227.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831588/; classtype:trojan-activity;sid:83694688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831589)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/aqua.sh4"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"45.13.227.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831589/; classtype:trojan-activity;sid:83694689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831586)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.177.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831586/; classtype:trojan-activity;sid:83694686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831585)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.215.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831585/; classtype:trojan-activity;sid:83694685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831584)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.96.150.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831584/; classtype:trojan-activity;sid:83694684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831583)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.5.91"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831583/; classtype:trojan-activity;sid:83694683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831582)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.203.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831582/; classtype:trojan-activity;sid:83694682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831581)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.75.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831581/; classtype:trojan-activity;sid:83694681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831580)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.30.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831580/; classtype:trojan-activity;sid:83694680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831577)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.173.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831577/; classtype:trojan-activity;sid:83694677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831578)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.198.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831578/; classtype:trojan-activity;sid:83694678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831579)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.99.253.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831579/; classtype:trojan-activity;sid:83694679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831576)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.113.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831576/; classtype:trojan-activity;sid:83694676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831575)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.207.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831575/; classtype:trojan-activity;sid:83694675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831574)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.79.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831574/; classtype:trojan-activity;sid:83694674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831573)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.25.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831573/; classtype:trojan-activity;sid:83694673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831572)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.246.15.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831572/; classtype:trojan-activity;sid:83694672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831571)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.5.91"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831571/; classtype:trojan-activity;sid:83694671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831570)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.215.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831570/; classtype:trojan-activity;sid:83694670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831569)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.248.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831569/; classtype:trojan-activity;sid:83694669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831568)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.187.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831568/; classtype:trojan-activity;sid:83694668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831566)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.242.107.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831566/; classtype:trojan-activity;sid:83694666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831567)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.138.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831567/; classtype:trojan-activity;sid:83694667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831565)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.35.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831565/; classtype:trojan-activity;sid:83694665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831564)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.242.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831564/; classtype:trojan-activity;sid:83694664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831563)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.117.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831563/; classtype:trojan-activity;sid:83694663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831562)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.184.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831562/; classtype:trojan-activity;sid:83694662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831561)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.224.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831561/; classtype:trojan-activity;sid:83694661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831560)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.57.210.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831560/; classtype:trojan-activity;sid:83694660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831559)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.60.0.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831559/; classtype:trojan-activity;sid:83694659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831558)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.248.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831558/; classtype:trojan-activity;sid:83694658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831557)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.242.107.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831557/; classtype:trojan-activity;sid:83694657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831556)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.13.227.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831556/; classtype:trojan-activity;sid:83694656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831555)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.189.21.94"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831555/; classtype:trojan-activity;sid:83694655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831554)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.248.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831554/; classtype:trojan-activity;sid:83694654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831553)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.90.150.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831553/; classtype:trojan-activity;sid:83694653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831552)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.60.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831552/; classtype:trojan-activity;sid:83694652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831551)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.40.235"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831551/; classtype:trojan-activity;sid:83694651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831550)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.116.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831550/; classtype:trojan-activity;sid:83694650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831549)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.171.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831549/; classtype:trojan-activity;sid:83694649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831548)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.152.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831548/; classtype:trojan-activity;sid:83694648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831547)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.236.254.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831547/; classtype:trojan-activity;sid:83694647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831546)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.180.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831546/; classtype:trojan-activity;sid:83694646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831545)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.181.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831545/; classtype:trojan-activity;sid:83694645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831544)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.199.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831544/; classtype:trojan-activity;sid:83694644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831543)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.149.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831543/; classtype:trojan-activity;sid:83694643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831542)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.108.11.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831542/; classtype:trojan-activity;sid:83694642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831541)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.198.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831541/; classtype:trojan-activity;sid:83694641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831540)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.36.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831540/; classtype:trojan-activity;sid:83694640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831539)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.183.56.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831539/; classtype:trojan-activity;sid:83694639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831538)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.252.167.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831538/; classtype:trojan-activity;sid:83694638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831537)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.239.210.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831537/; classtype:trojan-activity;sid:83694637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831536)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.121.147.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831536/; classtype:trojan-activity;sid:83694636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831535)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.152.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831535/; classtype:trojan-activity;sid:83694635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831534)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.238.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831534/; classtype:trojan-activity;sid:83694634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831533)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.189.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831533/; classtype:trojan-activity;sid:83694633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831531)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.114.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831531/; classtype:trojan-activity;sid:83694631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831532)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.30.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831532/; classtype:trojan-activity;sid:83694632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831530)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.35.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831530/; classtype:trojan-activity;sid:83694630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831529)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.171.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831529/; classtype:trojan-activity;sid:83694629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831528)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.236.254.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831528/; classtype:trojan-activity;sid:83694628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831527)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.211.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831527/; classtype:trojan-activity;sid:83694627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831526)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.183.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831526/; classtype:trojan-activity;sid:83694626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831525)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.215.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831525/; classtype:trojan-activity;sid:83694625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831524)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.49.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831524/; classtype:trojan-activity;sid:83694624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831523)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.183.56.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831523/; classtype:trojan-activity;sid:83694623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831522)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.203.131.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831522/; classtype:trojan-activity;sid:83694622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831521)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.189.103.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831521/; classtype:trojan-activity;sid:83694621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831520)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.202.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831520/; classtype:trojan-activity;sid:83694620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831519)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.36.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831519/; classtype:trojan-activity;sid:83694619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831518)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.99.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831518/; classtype:trojan-activity;sid:83694618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831517)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.93.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831517/; classtype:trojan-activity;sid:83694617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831516)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.78.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831516/; classtype:trojan-activity;sid:83694616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831515)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.75.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831515/; classtype:trojan-activity;sid:83694615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831514)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.104.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831514/; classtype:trojan-activity;sid:83694614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831513)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.242.106.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831513/; classtype:trojan-activity;sid:83694613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831512)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.167.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831512/; classtype:trojan-activity;sid:83694612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831511)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.253.221.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831511/; classtype:trojan-activity;sid:83694611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831510)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.189.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831510/; classtype:trojan-activity;sid:83694610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831509)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.112.206.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831509/; classtype:trojan-activity;sid:83694609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831508)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.227.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831508/; classtype:trojan-activity;sid:83694608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831507)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.49.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831507/; classtype:trojan-activity;sid:83694607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831505)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.192.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831505/; classtype:trojan-activity;sid:83694605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831506)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.211.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831506/; classtype:trojan-activity;sid:83694606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831504)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.156.79.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831504/; classtype:trojan-activity;sid:83694604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831503)"; flow:established,from_client; content:"GET"; http_method; content:"/shk"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"179.43.190.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831503/; classtype:trojan-activity;sid:83694603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831502)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.146.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831502/; classtype:trojan-activity;sid:83694602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831501)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.173.72.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831501/; classtype:trojan-activity;sid:83694601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831500)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.208.47.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831500/; classtype:trojan-activity;sid:83694600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831499)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.4.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831499/; classtype:trojan-activity;sid:83694599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831498)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.202.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831498/; classtype:trojan-activity;sid:83694598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831496)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"152.252.16.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831496/; classtype:trojan-activity;sid:83694596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831497)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.227.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831497/; classtype:trojan-activity;sid:83694597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831495)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.15.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831495/; classtype:trojan-activity;sid:83694595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831494)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.221.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831494/; classtype:trojan-activity;sid:83694594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831493)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"195.112.206.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831493/; classtype:trojan-activity;sid:83694593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831492)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.180.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831492/; classtype:trojan-activity;sid:83694592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831491)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.216.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831491/; classtype:trojan-activity;sid:83694591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831490)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.6.7.24"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831490/; classtype:trojan-activity;sid:83694590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831489)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.34.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831489/; classtype:trojan-activity;sid:83694589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831488)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.173.72.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831488/; classtype:trojan-activity;sid:83694588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831487)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.208.47.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831487/; classtype:trojan-activity;sid:83694587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831486)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.166.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831486/; classtype:trojan-activity;sid:83694586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831485)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.15.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831485/; classtype:trojan-activity;sid:83694585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831483)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.180.221.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831483/; classtype:trojan-activity;sid:83694583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831484)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.243.130.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831484/; classtype:trojan-activity;sid:83694584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831482)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.192.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831482/; classtype:trojan-activity;sid:83694582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831481)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.182.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831481/; classtype:trojan-activity;sid:83694581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831480)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.39.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831480/; classtype:trojan-activity;sid:83694580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831479)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.195.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831479/; classtype:trojan-activity;sid:83694579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831478)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.203.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831478/; classtype:trojan-activity;sid:83694578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831477)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.166.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831477/; classtype:trojan-activity;sid:83694577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831475)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.203.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831475/; classtype:trojan-activity;sid:83694575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831476)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.216.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831476/; classtype:trojan-activity;sid:83694576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831474)"; flow:established,from_client; content:"GET"; http_method; content:"/lbb.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.233.132.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831474/; classtype:trojan-activity;sid:83694574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831473)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.78.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831473/; classtype:trojan-activity;sid:83694573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831472)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.60.14.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831472/; classtype:trojan-activity;sid:83694572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831471)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.55.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831471/; classtype:trojan-activity;sid:83694571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831470)"; flow:established,from_client; content:"GET"; http_method; content:"/lb.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.233.132.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831470/; classtype:trojan-activity;sid:83694570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831469)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.187.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831469/; classtype:trojan-activity;sid:83694569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831468)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.194.93"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831468/; classtype:trojan-activity;sid:83694568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831467)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.60.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831467/; classtype:trojan-activity;sid:83694567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831466)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.180.221.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831466/; classtype:trojan-activity;sid:83694566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831465)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.243.130.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831465/; classtype:trojan-activity;sid:83694565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831464)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.126.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831464/; classtype:trojan-activity;sid:83694564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831463)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.57.14.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831463/; classtype:trojan-activity;sid:83694563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831462)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.127.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831462/; classtype:trojan-activity;sid:83694562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831460)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.194.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831460/; classtype:trojan-activity;sid:83694560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831461)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.188.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831461/; classtype:trojan-activity;sid:83694561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831458)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/x6iiksiqnqad"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"pasteio.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831458/; classtype:trojan-activity;sid:83694558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831459)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/xbh758amflgx"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"pasteio.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831459/; classtype:trojan-activity;sid:83694559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831457)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.240.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831457/; classtype:trojan-activity;sid:83694557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831456)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.58.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831456/; classtype:trojan-activity;sid:83694556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831454)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.214.111.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831454/; classtype:trojan-activity;sid:83694554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831455)"; flow:established,from_client; content:"GET"; http_method; content:"/doc5294803_669104839|3f|hash=eesrhseuf42n62mluf7fzan6l0h3eeofznd3waolyyk|7c|26|7c|dl=sxbzzrtwzlpqnwyjzbjzrtebomdc9b26pfydeoh9pvl|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831455/; classtype:trojan-activity;sid:83694555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831453)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.203.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831453/; classtype:trojan-activity;sid:83694553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831452)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.74.59.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831452/; classtype:trojan-activity;sid:83694552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831451)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.127.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831451/; classtype:trojan-activity;sid:83694551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831448)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"150.95.109.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831448/; classtype:trojan-activity;sid:83694548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831449)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"150.95.109.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831449/; classtype:trojan-activity;sid:83694549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831450)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"150.95.109.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831450/; classtype:trojan-activity;sid:83694550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831446)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"150.95.109.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831446/; classtype:trojan-activity;sid:83694546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831447)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"150.95.109.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831447/; classtype:trojan-activity;sid:83694547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831440)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"150.95.109.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831440/; classtype:trojan-activity;sid:83694540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831441)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"150.95.109.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831441/; classtype:trojan-activity;sid:83694541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831442)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"150.95.109.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831442/; classtype:trojan-activity;sid:83694542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831443)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"150.95.109.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831443/; classtype:trojan-activity;sid:83694543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831444)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"150.95.109.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831444/; classtype:trojan-activity;sid:83694544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831445)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"150.95.109.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831445/; classtype:trojan-activity;sid:83694545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831439)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.157.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831439/; classtype:trojan-activity;sid:83694539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831438)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.9.245.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831438/; classtype:trojan-activity;sid:83694538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831437)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.54.69.204"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831437/; classtype:trojan-activity;sid:83694537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831436)"; flow:established,from_client; content:"GET"; http_method; content:"//fyx.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"143.198.199.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831436/; classtype:trojan-activity;sid:83694536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831435)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.184.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831435/; classtype:trojan-activity;sid:83694535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831434)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.221.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831434/; classtype:trojan-activity;sid:83694534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831433)"; flow:established,from_client; content:"GET"; http_method; content:"/abc1.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bot.qngxgw.eu.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831433/; classtype:trojan-activity;sid:83694533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831430)"; flow:established,from_client; content:"GET"; http_method; content:"/abc2.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"qngxgw.eu.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831430/; classtype:trojan-activity;sid:83694530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831431)"; flow:established,from_client; content:"GET"; http_method; content:"/abc3.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"qngxgw.eu.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831431/; classtype:trojan-activity;sid:83694531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831432)"; flow:established,from_client; content:"GET"; http_method; content:"/abc1.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"qngxgw.eu.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831432/; classtype:trojan-activity;sid:83694532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831429)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.205.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831429/; classtype:trojan-activity;sid:83694529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831428)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.212.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831428/; classtype:trojan-activity;sid:83694528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831427)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.126.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831427/; classtype:trojan-activity;sid:83694527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831426)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.192.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831426/; classtype:trojan-activity;sid:83694526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831425)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.157.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831425/; classtype:trojan-activity;sid:83694525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831424)"; flow:established,from_client; content:"GET"; http_method; content:"/lbbb.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"193.233.132.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831424/; classtype:trojan-activity;sid:83694524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831423)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.56.97.243"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831423/; classtype:trojan-activity;sid:83694523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831422)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.54.69.204"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831422/; classtype:trojan-activity;sid:83694522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831421)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.119.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831421/; classtype:trojan-activity;sid:83694521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831420)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.184.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831420/; classtype:trojan-activity;sid:83694520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831419)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.243.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831419/; classtype:trojan-activity;sid:83694519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831418)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.4.177"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831418/; classtype:trojan-activity;sid:83694518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831417)"; flow:established,from_client; content:"GET"; http_method; content:"/doc5294803_669101732|3f|hash=pdz75eqj0nlbz9t1tgdgh55oa4aiyh6tnf6iw8dufw8|7c|26|7c|dl=26vnytcxrh7unaytuebbr25tjz8rfllook8xriacg6c|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831417/; classtype:trojan-activity;sid:83694517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831416)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.159.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831416/; classtype:trojan-activity;sid:83694516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831415)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.221.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831415/; classtype:trojan-activity;sid:83694515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831413)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.56.252.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831413/; classtype:trojan-activity;sid:83694513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831414)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.248.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831414/; classtype:trojan-activity;sid:83694514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831412)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.112.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831412/; classtype:trojan-activity;sid:83694512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831411)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.204.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831411/; classtype:trojan-activity;sid:83694511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831409)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.5.48.188"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831409/; classtype:trojan-activity;sid:83694509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831410)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.34.140"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831410/; classtype:trojan-activity;sid:83694510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831408)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.214.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831408/; classtype:trojan-activity;sid:83694508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831407)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.170.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831407/; classtype:trojan-activity;sid:83694507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831406)"; flow:established,from_client; content:"GET"; http_method; content:"/upd/index.php"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pofix.red"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831406/; classtype:trojan-activity;sid:83694506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831404)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.37.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831404/; classtype:trojan-activity;sid:83694504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831405)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.103.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831405/; classtype:trojan-activity;sid:83694505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831403)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.166.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831403/; classtype:trojan-activity;sid:83694503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831402)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.238.61"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831402/; classtype:trojan-activity;sid:83694502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831400)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.205.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831400/; classtype:trojan-activity;sid:83694500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831401)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.112.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831401/; classtype:trojan-activity;sid:83694501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831399)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.59.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831399/; classtype:trojan-activity;sid:83694499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831397)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"5.42.100.119"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831397/; classtype:trojan-activity;sid:83694497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831398)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.4.177"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831398/; classtype:trojan-activity;sid:83694498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831396)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/xog18phqgoqk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"pasteio.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831396/; classtype:trojan-activity;sid:83694496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831395)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.48.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831395/; classtype:trojan-activity;sid:83694495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831394)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.49.36.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831394/; classtype:trojan-activity;sid:83694494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831393)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.168.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831393/; classtype:trojan-activity;sid:83694493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831392)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.161.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831392/; classtype:trojan-activity;sid:83694492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831391)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.35.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831391/; classtype:trojan-activity;sid:83694491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831390)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.168.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831390/; classtype:trojan-activity;sid:83694490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831389)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.86.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831389/; classtype:trojan-activity;sid:83694489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831388)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.45.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831388/; classtype:trojan-activity;sid:83694488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831387)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.195.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831387/; classtype:trojan-activity;sid:83694487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831386)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.206.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831386/; classtype:trojan-activity;sid:83694486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831385)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.59.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831385/; classtype:trojan-activity;sid:83694485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831384)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.168.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831384/; classtype:trojan-activity;sid:83694484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831383)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.122.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831383/; classtype:trojan-activity;sid:83694483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831382)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.35.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831382/; classtype:trojan-activity;sid:83694482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831380)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.216.111.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831380/; classtype:trojan-activity;sid:83694480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831381)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.54.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831381/; classtype:trojan-activity;sid:83694481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831379)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.4.177"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831379/; classtype:trojan-activity;sid:83694479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831378)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.45.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831378/; classtype:trojan-activity;sid:83694478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831377)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.241.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831377/; classtype:trojan-activity;sid:83694477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831376)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.221.221.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831376/; classtype:trojan-activity;sid:83694476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831375)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.86.64"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831375/; classtype:trojan-activity;sid:83694475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831374)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.224.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831374/; classtype:trojan-activity;sid:83694474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831373)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.173.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831373/; classtype:trojan-activity;sid:83694473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831372)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.206.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831372/; classtype:trojan-activity;sid:83694472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831371)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"5.42.100.119"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831371/; classtype:trojan-activity;sid:83694471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831363)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.sparc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"5.42.100.119"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831363/; classtype:trojan-activity;sid:83694463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831364)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"5.42.100.119"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831364/; classtype:trojan-activity;sid:83694464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831365)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.arm4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"5.42.100.119"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831365/; classtype:trojan-activity;sid:83694465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831366)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"5.42.100.119"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831366/; classtype:trojan-activity;sid:83694466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831367)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"5.42.100.119"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831367/; classtype:trojan-activity;sid:83694467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831368)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"5.42.100.119"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831368/; classtype:trojan-activity;sid:83694468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831369)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"5.42.100.119"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831369/; classtype:trojan-activity;sid:83694469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831370)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"5.42.100.119"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831370/; classtype:trojan-activity;sid:83694470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831362)"; flow:established,from_client; content:"GET"; http_method; content:"/f"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"198.46.129.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831362/; classtype:trojan-activity;sid:83694462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831359)"; flow:established,from_client; content:"GET"; http_method; content:"/co"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.38.142.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831359/; classtype:trojan-activity;sid:83694459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831360)"; flow:established,from_client; content:"GET"; http_method; content:"/arm61"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.38.142.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831360/; classtype:trojan-activity;sid:83694460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831361)"; flow:established,from_client; content:"GET"; http_method; content:"/la.bot.mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"42.112.26.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831361/; classtype:trojan-activity;sid:83694461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831354)"; flow:established,from_client; content:"GET"; http_method; content:"/la.bot.m68k"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"42.112.26.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831354/; classtype:trojan-activity;sid:83694454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831355)"; flow:established,from_client; content:"GET"; http_method; content:"/dss"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.38.142.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831355/; classtype:trojan-activity;sid:83694455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831356)"; flow:established,from_client; content:"GET"; http_method; content:"/586"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.38.142.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831356/; classtype:trojan-activity;sid:83694456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831357)"; flow:established,from_client; content:"GET"; http_method; content:"/la.bot.mipsel"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"42.112.26.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831357/; classtype:trojan-activity;sid:83694457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831358)"; flow:established,from_client; content:"GET"; http_method; content:"/dc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.38.142.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831358/; classtype:trojan-activity;sid:83694458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831348)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.arm4t"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.38.142.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831348/; classtype:trojan-activity;sid:83694448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831349)"; flow:established,from_client; content:"GET"; http_method; content:"/la.bot.arm6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"42.112.26.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831349/; classtype:trojan-activity;sid:83694449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831350)"; flow:established,from_client; content:"GET"; http_method; content:"/la.bot.sparc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"42.112.26.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831350/; classtype:trojan-activity;sid:83694450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831351)"; flow:established,from_client; content:"GET"; http_method; content:"/la.bot.arm5"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"42.112.26.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831351/; classtype:trojan-activity;sid:83694451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831352)"; flow:established,from_client; content:"GET"; http_method; content:"/la.bot.sh4"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"42.112.26.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831352/; classtype:trojan-activity;sid:83694452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831353)"; flow:established,from_client; content:"GET"; http_method; content:"/la.bot.powerpc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"42.112.26.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831353/; classtype:trojan-activity;sid:83694453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831347)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.sh4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.38.142.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831347/; classtype:trojan-activity;sid:83694447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831346)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.10.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831346/; classtype:trojan-activity;sid:83694446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831345)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.233.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831345/; classtype:trojan-activity;sid:83694445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831344)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.52.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831344/; classtype:trojan-activity;sid:83694444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831343)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.16.239"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831343/; classtype:trojan-activity;sid:83694443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831342)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.194.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831342/; classtype:trojan-activity;sid:83694442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831341)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.224.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831341/; classtype:trojan-activity;sid:83694441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831340)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.70.91.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831340/; classtype:trojan-activity;sid:83694440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831339)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.241.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831339/; classtype:trojan-activity;sid:83694439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831338)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.63.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831338/; classtype:trojan-activity;sid:83694438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831337)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.86.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831337/; classtype:trojan-activity;sid:83694437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831336)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.195.42.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831336/; classtype:trojan-activity;sid:83694436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831335)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.32.86.236"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831335/; classtype:trojan-activity;sid:83694435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831333)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.38.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831333/; classtype:trojan-activity;sid:83694433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831334)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.36.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831334/; classtype:trojan-activity;sid:83694434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831332)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.163.131.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831332/; classtype:trojan-activity;sid:83694432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831331)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.28.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831331/; classtype:trojan-activity;sid:83694431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831330)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"159.196.124.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831330/; classtype:trojan-activity;sid:83694430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831329)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.108.219.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831329/; classtype:trojan-activity;sid:83694429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831328)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.171.253.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831328/; classtype:trojan-activity;sid:83694428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831326)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.88.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831326/; classtype:trojan-activity;sid:83694426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831327)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.122.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831327/; classtype:trojan-activity;sid:83694427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831325)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.130.189.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831325/; classtype:trojan-activity;sid:83694425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831324)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.173.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831324/; classtype:trojan-activity;sid:83694424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831323)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.206.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831323/; classtype:trojan-activity;sid:83694423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831322)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.194.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831322/; classtype:trojan-activity;sid:83694422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831321)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.134.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831321/; classtype:trojan-activity;sid:83694421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831320)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.93.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831320/; classtype:trojan-activity;sid:83694420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831319)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.5.26.16"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831319/; classtype:trojan-activity;sid:83694419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831316)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.61.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831316/; classtype:trojan-activity;sid:83694416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831317)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.209.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831317/; classtype:trojan-activity;sid:83694417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831318)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.92.82.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831318/; classtype:trojan-activity;sid:83694418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831315)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.16.239"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831315/; classtype:trojan-activity;sid:83694415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831314)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.52.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831314/; classtype:trojan-activity;sid:83694414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831313)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.56.12.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831313/; classtype:trojan-activity;sid:83694413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831312)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.63.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831312/; classtype:trojan-activity;sid:83694412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831311)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.86.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831311/; classtype:trojan-activity;sid:83694411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831310)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.140.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831310/; classtype:trojan-activity;sid:83694410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831309)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.129.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831309/; classtype:trojan-activity;sid:83694409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831308)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.206.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831308/; classtype:trojan-activity;sid:83694408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831307)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.242.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831307/; classtype:trojan-activity;sid:83694407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831306)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.207.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831306/; classtype:trojan-activity;sid:83694406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831305)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.211.70.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831305/; classtype:trojan-activity;sid:83694405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831304)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.198.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831304/; classtype:trojan-activity;sid:83694404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831303)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.93.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831303/; classtype:trojan-activity;sid:83694403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831302)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.140.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831302/; classtype:trojan-activity;sid:83694402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831301)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.203.118.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831301/; classtype:trojan-activity;sid:83694401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831300)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.197.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831300/; classtype:trojan-activity;sid:83694400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831299)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.194.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831299/; classtype:trojan-activity;sid:83694399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831298)"; flow:established,from_client; content:"GET"; http_method; content:"/vape-v4/pap46e1ukz.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"scan-echo.online"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831298/; classtype:trojan-activity;sid:83694398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831297)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.242.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831297/; classtype:trojan-activity;sid:83694397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831296)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.241.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831296/; classtype:trojan-activity;sid:83694396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831295)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.49.167.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831295/; classtype:trojan-activity;sid:83694395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831294)"; flow:established,from_client; content:"GET"; http_method; content:"/nc.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.40.131.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831294/; classtype:trojan-activity;sid:83694394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831292)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.216.35.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831292/; classtype:trojan-activity;sid:83694392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831293)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.58.247.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831293/; classtype:trojan-activity;sid:83694393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831291)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.34.57"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831291/; classtype:trojan-activity;sid:83694391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831286)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.244.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831286/; classtype:trojan-activity;sid:83694386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831287)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.84.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831287/; classtype:trojan-activity;sid:83694387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831288)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.150.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831288/; classtype:trojan-activity;sid:83694388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831289)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.222.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831289/; classtype:trojan-activity;sid:83694389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831290)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.232.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831290/; classtype:trojan-activity;sid:83694390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831285)"; flow:established,from_client; content:"GET"; http_method; content:"/ready.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"156.245.13.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831285/; classtype:trojan-activity;sid:83694385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831284)"; flow:established,from_client; content:"GET"; http_method; content:"/read1y.apk"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"156.245.13.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831284/; classtype:trojan-activity;sid:83694384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831283)"; flow:established,from_client; content:"GET"; http_method; content:"/read1y.apk"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"156.245.13.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831283/; classtype:trojan-activity;sid:83694383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831282)"; flow:established,from_client; content:"GET"; http_method; content:"/read1y.apk"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"156.245.13.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831282/; classtype:trojan-activity;sid:83694382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831281)"; flow:established,from_client; content:"GET"; http_method; content:"/ready.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"156.245.13.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831281/; classtype:trojan-activity;sid:83694381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831280)"; flow:established,from_client; content:"GET"; http_method; content:"/ready.apk"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"156.245.13.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831280/; classtype:trojan-activity;sid:83694380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831279)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.248.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831279/; classtype:trojan-activity;sid:83694379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831278)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.52.241.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831278/; classtype:trojan-activity;sid:83694378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831277)"; flow:established,from_client; content:"GET"; http_method; content:"/8443nobeacon"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"156.245.13.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831277/; classtype:trojan-activity;sid:83694377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831274)"; flow:established,from_client; content:"GET"; http_method; content:"/8443nobeacon"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"156.245.13.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831274/; classtype:trojan-activity;sid:83694374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831275)"; flow:established,from_client; content:"GET"; http_method; content:"/8443nobeacon"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"156.245.13.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831275/; classtype:trojan-activity;sid:83694375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831276)"; flow:established,from_client; content:"GET"; http_method; content:"/8443beacon"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"156.245.13.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831276/; classtype:trojan-activity;sid:83694376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831273)"; flow:established,from_client; content:"GET"; http_method; content:"/windowsvirus.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"156.245.13.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831273/; classtype:trojan-activity;sid:83694373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831272)"; flow:established,from_client; content:"GET"; http_method; content:"/windowsvirus.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"156.245.13.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831272/; classtype:trojan-activity;sid:83694372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831271)"; flow:established,from_client; content:"GET"; http_method; content:"/windowsvirus.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"156.245.13.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831271/; classtype:trojan-activity;sid:83694371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831269)"; flow:established,from_client; content:"GET"; http_method; content:"/8443beacon"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"156.245.13.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831269/; classtype:trojan-activity;sid:83694369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831270)"; flow:established,from_client; content:"GET"; http_method; content:"/8443beacon"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"156.245.13.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831270/; classtype:trojan-activity;sid:83694370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831268)"; flow:established,from_client; content:"GET"; http_method; content:"/replacepara.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"156.245.13.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831268/; classtype:trojan-activity;sid:83694368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831267)"; flow:established,from_client; content:"GET"; http_method; content:"/replacepara.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"156.245.13.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831267/; classtype:trojan-activity;sid:83694367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831266)"; flow:established,from_client; content:"GET"; http_method; content:"/replacepara.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"156.245.13.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831266/; classtype:trojan-activity;sid:83694366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831265)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.222.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831265/; classtype:trojan-activity;sid:83694365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831264)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.235.45.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831264/; classtype:trojan-activity;sid:83694364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831263)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.81.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831263/; classtype:trojan-activity;sid:83694363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831262)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.207.36.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831262/; classtype:trojan-activity;sid:83694362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831261)"; flow:established,from_client; content:"GET"; http_method; content:"/310/eng.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"172.245.33.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831261/; classtype:trojan-activity;sid:83694361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831260)"; flow:established,from_client; content:"GET"; http_method; content:"/320/pnh/wintheheartofgirlwithagreatachievementhappeninginourlifewithcutehappinesshappenedinsideofourhearttounderstand__sheismylovertogetherback.doc"; http_uri; depth:148; isdataat:!1,relative; nocase; content:"172.245.33.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831260/; classtype:trojan-activity;sid:83694360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831259)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.197.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831259/; classtype:trojan-activity;sid:83694359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831258)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.132.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831258/; classtype:trojan-activity;sid:83694358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831257)"; flow:established,from_client; content:"GET"; http_method; content:"/1712750455.elf"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"123.56.214.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831257/; classtype:trojan-activity;sid:83694357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831256)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.244.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831256/; classtype:trojan-activity;sid:83694356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831255)"; flow:established,from_client; content:"GET"; http_method; content:"/sophos_kill.zip"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"91.215.85.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831255/; classtype:trojan-activity;sid:83694355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831254)"; flow:established,from_client; content:"GET"; http_method; content:"/procexp64.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91.215.85.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831254/; classtype:trojan-activity;sid:83694354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831250)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.180.164.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831250/; classtype:trojan-activity;sid:83694350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831251)"; flow:established,from_client; content:"GET"; http_method; content:"/telemetrybridge32.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"91.215.85.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831251/; classtype:trojan-activity;sid:83694351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831252)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.39.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831252/; classtype:trojan-activity;sid:83694352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831253)"; flow:established,from_client; content:"GET"; http_method; content:"/sharphound.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"91.215.85.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831253/; classtype:trojan-activity;sid:83694353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831249)"; flow:established,from_client; content:"GET"; http_method; content:"/atspcleannew.ps1"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"91.215.85.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831249/; classtype:trojan-activity;sid:83694349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831248)"; flow:established,from_client; content:"GET"; http_method; content:"/sdp.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"91.215.85.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831248/; classtype:trojan-activity;sid:83694348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831247)"; flow:established,from_client; content:"GET"; http_method; content:"/lazagne.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"91.215.85.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831247/; classtype:trojan-activity;sid:83694347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831246)"; flow:established,from_client; content:"GET"; http_method; content:"/lpe_all.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"91.215.85.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831246/; classtype:trojan-activity;sid:83694346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831245)"; flow:established,from_client; content:"GET"; http_method; content:"/2503.msi"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"91.215.85.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831245/; classtype:trojan-activity;sid:83694345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831244)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.84.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831244/; classtype:trojan-activity;sid:83694344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831243)"; flow:established,from_client; content:"GET"; http_method; content:"/utils/cmd.war"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"193.3.19.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831243/; classtype:trojan-activity;sid:83694343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831242)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.142.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831242/; classtype:trojan-activity;sid:83694342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831241)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.241.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831241/; classtype:trojan-activity;sid:83694341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831240)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.132.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831240/; classtype:trojan-activity;sid:83694340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831239)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.31.99"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831239/; classtype:trojan-activity;sid:83694339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831238)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.36.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831238/; classtype:trojan-activity;sid:83694338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831237)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.199.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831237/; classtype:trojan-activity;sid:83694337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831236)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.150.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831236/; classtype:trojan-activity;sid:83694336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831235)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.67.140"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831235/; classtype:trojan-activity;sid:83694335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831234)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.46.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831234/; classtype:trojan-activity;sid:83694334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831233)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.202.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831233/; classtype:trojan-activity;sid:83694333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831232)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.101.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831232/; classtype:trojan-activity;sid:83694332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831231)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.202.169.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831231/; classtype:trojan-activity;sid:83694331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831229)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.48.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831229/; classtype:trojan-activity;sid:83694329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831230)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/images/iss.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"ssh44.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831230/; classtype:trojan-activity;sid:83694330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831228)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.142.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831228/; classtype:trojan-activity;sid:83694328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831227)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.229.205.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831227/; classtype:trojan-activity;sid:83694327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831226)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.86.237.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831226/; classtype:trojan-activity;sid:83694326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831225)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.248.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831225/; classtype:trojan-activity;sid:83694325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831224)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.67.140"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831224/; classtype:trojan-activity;sid:83694324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831223)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.254.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831223/; classtype:trojan-activity;sid:83694323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831222)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.52.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831222/; classtype:trojan-activity;sid:83694322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831221)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.60.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831221/; classtype:trojan-activity;sid:83694321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831220)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.217.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831220/; classtype:trojan-activity;sid:83694320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831218)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.48.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831218/; classtype:trojan-activity;sid:83694318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831219)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.33.249.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831219/; classtype:trojan-activity;sid:83694319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831217)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.141.246.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831217/; classtype:trojan-activity;sid:83694317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831216)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.248.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831216/; classtype:trojan-activity;sid:83694316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831212)"; flow:established,from_client; content:"GET"; http_method; content:"/vlxx.x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"legendsworld.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831212/; classtype:trojan-activity;sid:83694312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831213)"; flow:established,from_client; content:"GET"; http_method; content:"/vlxx.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"legendsworld.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831213/; classtype:trojan-activity;sid:83694313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831214)"; flow:established,from_client; content:"GET"; http_method; content:"/vlxx.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"legendsworld.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831214/; classtype:trojan-activity;sid:83694314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831215)"; flow:established,from_client; content:"GET"; http_method; content:"/vlxx.x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"legendsworld.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831215/; classtype:trojan-activity;sid:83694315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831209)"; flow:established,from_client; content:"GET"; http_method; content:"/vlxx.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"legendsworld.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831209/; classtype:trojan-activity;sid:83694309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831210)"; flow:established,from_client; content:"GET"; http_method; content:"/vlxx.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"legendsworld.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831210/; classtype:trojan-activity;sid:83694310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831211)"; flow:established,from_client; content:"GET"; http_method; content:"/vlxx.arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"legendsworld.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831211/; classtype:trojan-activity;sid:83694311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831205)"; flow:established,from_client; content:"GET"; http_method; content:"/vlxx.m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"legendsworld.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831205/; classtype:trojan-activity;sid:83694305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831206)"; flow:established,from_client; content:"GET"; http_method; content:"/vlxx.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"legendsworld.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831206/; classtype:trojan-activity;sid:83694306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831207)"; flow:established,from_client; content:"GET"; http_method; content:"/vlxx.spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"legendsworld.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831207/; classtype:trojan-activity;sid:83694307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831208)"; flow:established,from_client; content:"GET"; http_method; content:"/vlxx.ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"legendsworld.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831208/; classtype:trojan-activity;sid:83694308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831204)"; flow:established,from_client; content:"GET"; http_method; content:"/vlxx.mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"legendsworld.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831204/; classtype:trojan-activity;sid:83694304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831202)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"legendsworld.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831202/; classtype:trojan-activity;sid:83694302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831203)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"legendsworld.top"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831203/; classtype:trojan-activity;sid:83694303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831201)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.204.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831201/; classtype:trojan-activity;sid:83694301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831200)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.192.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831200/; classtype:trojan-activity;sid:83694300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831199)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.65.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831199/; classtype:trojan-activity;sid:83694299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831197)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.196.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831197/; classtype:trojan-activity;sid:83694297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831198)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.43.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831198/; classtype:trojan-activity;sid:83694298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831196)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.29.29.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831196/; classtype:trojan-activity;sid:83694296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831195)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.37.206.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831195/; classtype:trojan-activity;sid:83694295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831188)"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.ppc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"74.208.123.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831188/; classtype:trojan-activity;sid:83694288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831189)"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.mpsl"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"74.208.123.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831189/; classtype:trojan-activity;sid:83694289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831190)"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.arm5"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"74.208.123.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831190/; classtype:trojan-activity;sid:83694290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831191)"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.sh4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"74.208.123.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831191/; classtype:trojan-activity;sid:83694291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831192)"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.spc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"74.208.123.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831192/; classtype:trojan-activity;sid:83694292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831193)"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.arm7"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"74.208.123.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831193/; classtype:trojan-activity;sid:83694293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831194)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.52.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831194/; classtype:trojan-activity;sid:83694294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831185)"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.arm6"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"74.208.123.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831185/; classtype:trojan-activity;sid:83694285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831186)"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.mips"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"74.208.123.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831186/; classtype:trojan-activity;sid:83694286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831187)"; flow:established,from_client; content:"GET"; http_method; content:"/zehir/z3hir.arm"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"74.208.123.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831187/; classtype:trojan-activity;sid:83694287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831184)"; flow:established,from_client; content:"GET"; http_method; content:"/pay"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"74.208.123.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831184/; classtype:trojan-activity;sid:83694284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831180)"; flow:established,from_client; content:"GET"; http_method; content:"/zehir.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"74.208.123.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831180/; classtype:trojan-activity;sid:83694280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831181)"; flow:established,from_client; content:"GET"; http_method; content:"/bin"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"74.208.123.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831181/; classtype:trojan-activity;sid:83694281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831182)"; flow:established,from_client; content:"GET"; http_method; content:"/yarn"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"74.208.123.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831182/; classtype:trojan-activity;sid:83694282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831183)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.53.182.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831183/; classtype:trojan-activity;sid:83694283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831179)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.211.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831179/; classtype:trojan-activity;sid:83694279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831178)"; flow:established,from_client; content:"GET"; http_method; content:"/go.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"94.156.79.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831178/; classtype:trojan-activity;sid:83694278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831172)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.26.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831172/; classtype:trojan-activity;sid:83694272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831173)"; flow:established,from_client; content:"GET"; http_method; content:"/sakura.x86"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"46.226.160.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831173/; classtype:trojan-activity;sid:83694273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831174)"; flow:established,from_client; content:"GET"; http_method; content:"/sakura.ppc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"46.226.160.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831174/; classtype:trojan-activity;sid:83694274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831175)"; flow:established,from_client; content:"GET"; http_method; content:"/sakura.arm7"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"46.226.160.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831175/; classtype:trojan-activity;sid:83694275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831176)"; flow:established,from_client; content:"GET"; http_method; content:"/sakura.arm4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"46.226.160.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831176/; classtype:trojan-activity;sid:83694276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831177)"; flow:established,from_client; content:"GET"; http_method; content:"/sakura.arm5"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"46.226.160.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831177/; classtype:trojan-activity;sid:83694277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831170)"; flow:established,from_client; content:"GET"; http_method; content:"/sakura.mpsl"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"46.226.160.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831170/; classtype:trojan-activity;sid:83694270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831171)"; flow:established,from_client; content:"GET"; http_method; content:"/sakura.sparc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"46.226.160.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831171/; classtype:trojan-activity;sid:83694271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831167)"; flow:established,from_client; content:"GET"; http_method; content:"/sakura.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"46.226.160.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831167/; classtype:trojan-activity;sid:83694267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831168)"; flow:established,from_client; content:"GET"; http_method; content:"/sakura.mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"46.226.160.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831168/; classtype:trojan-activity;sid:83694268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831169)"; flow:established,from_client; content:"GET"; http_method; content:"/sakura.arm6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"46.226.160.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831169/; classtype:trojan-activity;sid:83694269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831166)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.242.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831166/; classtype:trojan-activity;sid:83694266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831165)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.246.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831165/; classtype:trojan-activity;sid:83694265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831164)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.82.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831164/; classtype:trojan-activity;sid:83694264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831163)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.26.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831163/; classtype:trojan-activity;sid:83694263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831162)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.182.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831162/; classtype:trojan-activity;sid:83694262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831161)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.29.29.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831161/; classtype:trojan-activity;sid:83694261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831154)"; flow:established,from_client; content:"GET"; http_method; content:"/.sarm6"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.42.186.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831154/; classtype:trojan-activity;sid:83694254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831155)"; flow:established,from_client; content:"GET"; http_method; content:"/.sx86_64"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"31.42.186.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831155/; classtype:trojan-activity;sid:83694255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831156)"; flow:established,from_client; content:"GET"; http_method; content:"/.sarm7"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.42.186.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831156/; classtype:trojan-activity;sid:83694256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831157)"; flow:established,from_client; content:"GET"; http_method; content:"/.sspc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"31.42.186.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831157/; classtype:trojan-activity;sid:83694257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831158)"; flow:established,from_client; content:"GET"; http_method; content:"/.smpsl"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.42.186.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831158/; classtype:trojan-activity;sid:83694258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831159)"; flow:established,from_client; content:"GET"; http_method; content:"/.sm68k"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.42.186.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831159/; classtype:trojan-activity;sid:83694259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831160)"; flow:established,from_client; content:"GET"; http_method; content:"/.smips"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.42.186.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831160/; classtype:trojan-activity;sid:83694260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831148)"; flow:established,from_client; content:"GET"; http_method; content:"/g"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.42.186.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831148/; classtype:trojan-activity;sid:83694248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831149)"; flow:established,from_client; content:"GET"; http_method; content:"/.sarm5"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.42.186.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831149/; classtype:trojan-activity;sid:83694249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831150)"; flow:established,from_client; content:"GET"; http_method; content:"/bx"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"31.42.186.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831150/; classtype:trojan-activity;sid:83694250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831151)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.42.186.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831151/; classtype:trojan-activity;sid:83694251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831152)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"31.42.186.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831152/; classtype:trojan-activity;sid:83694252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831153)"; flow:established,from_client; content:"GET"; http_method; content:"/.sx86"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"31.42.186.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831153/; classtype:trojan-activity;sid:83694253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831147)"; flow:established,from_client; content:"GET"; http_method; content:"/.sarm4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.42.186.172"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831147/; classtype:trojan-activity;sid:83694247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831146)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.53.182.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831146/; classtype:trojan-activity;sid:83694246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831145)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.204.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831145/; classtype:trojan-activity;sid:83694245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831144)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.43.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831144/; classtype:trojan-activity;sid:83694244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831143)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.114.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831143/; classtype:trojan-activity;sid:83694243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831142)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.74.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831142/; classtype:trojan-activity;sid:83694242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831141)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.59.197.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831141/; classtype:trojan-activity;sid:83694241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831139)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.211.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831139/; classtype:trojan-activity;sid:83694239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831138)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.182.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831138/; classtype:trojan-activity;sid:83694238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831132)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"164.90.158.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831132/; classtype:trojan-activity;sid:83694232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831133)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"164.90.158.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831133/; classtype:trojan-activity;sid:83694233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831134)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"164.90.158.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831134/; classtype:trojan-activity;sid:83694234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831135)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"164.90.158.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831135/; classtype:trojan-activity;sid:83694235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831136)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"164.90.158.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831136/; classtype:trojan-activity;sid:83694236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831137)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"164.90.158.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831137/; classtype:trojan-activity;sid:83694237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831131)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"164.90.158.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831131/; classtype:trojan-activity;sid:83694231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831127)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"164.90.158.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831127/; classtype:trojan-activity;sid:83694227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831128)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"164.90.158.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831128/; classtype:trojan-activity;sid:83694228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831129)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"164.90.158.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831129/; classtype:trojan-activity;sid:83694229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831130)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"164.90.158.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831130/; classtype:trojan-activity;sid:83694230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831125)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"164.90.158.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831125/; classtype:trojan-activity;sid:83694225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831126)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"164.90.158.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831126/; classtype:trojan-activity;sid:83694226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831124)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.181.235.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831124/; classtype:trojan-activity;sid:83694224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831123)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.14.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831123/; classtype:trojan-activity;sid:83694223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831122)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.74.95.243"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831122/; classtype:trojan-activity;sid:83694222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831120)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.55.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831120/; classtype:trojan-activity;sid:83694220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831121)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.182.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831121/; classtype:trojan-activity;sid:83694221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831119)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.25.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831119/; classtype:trojan-activity;sid:83694219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831118)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.21.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831118/; classtype:trojan-activity;sid:83694218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831117)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.214.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831117/; classtype:trojan-activity;sid:83694217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831116)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.220.16.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831116/; classtype:trojan-activity;sid:83694216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831113)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.59.197.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831113/; classtype:trojan-activity;sid:83694213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831112)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.67.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831112/; classtype:trojan-activity;sid:83694212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831110)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.14.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831110/; classtype:trojan-activity;sid:83694210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831109)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.28.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831109/; classtype:trojan-activity;sid:83694209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831107)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.252.48.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831107/; classtype:trojan-activity;sid:83694207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831106)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.214.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831106/; classtype:trojan-activity;sid:83694206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831105)"; flow:established,from_client; content:"GET"; http_method; content:"/v3tutorial.mp4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"91.92.249.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831105/; classtype:trojan-activity;sid:83694205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831104)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.56.7.4"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831104/; classtype:trojan-activity;sid:83694204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831103)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.20.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831103/; classtype:trojan-activity;sid:83694203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831101)"; flow:established,from_client; content:"GET"; http_method; content:"/playkit.mp4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"91.92.249.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831101/; classtype:trojan-activity;sid:83694201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831102)"; flow:established,from_client; content:"GET"; http_method; content:"/teaser.mp4"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"91.92.249.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831102/; classtype:trojan-activity;sid:83694202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831100)"; flow:established,from_client; content:"GET"; http_method; content:"/tutorial.mp4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"91.92.249.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831100/; classtype:trojan-activity;sid:83694200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831098)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.181.235.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831098/; classtype:trojan-activity;sid:83694198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831097)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.253.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831097/; classtype:trojan-activity;sid:83694197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831096)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.182.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831096/; classtype:trojan-activity;sid:83694196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831094)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.16.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831094/; classtype:trojan-activity;sid:83694194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831093)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.180.172.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831093/; classtype:trojan-activity;sid:83694193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831092)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.197.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831092/; classtype:trojan-activity;sid:83694192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831091)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.151.75.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831091/; classtype:trojan-activity;sid:83694191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831090)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.20.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831090/; classtype:trojan-activity;sid:83694190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831089)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.48.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831089/; classtype:trojan-activity;sid:83694189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831088)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.253.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831088/; classtype:trojan-activity;sid:83694188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831087)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.192.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831087/; classtype:trojan-activity;sid:83694187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831086)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.113.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831086/; classtype:trojan-activity;sid:83694186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831085)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.43.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831085/; classtype:trojan-activity;sid:83694185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831083)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.253.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831083/; classtype:trojan-activity;sid:83694183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831084)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.2.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831084/; classtype:trojan-activity;sid:83694184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831082)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.61.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831082/; classtype:trojan-activity;sid:83694182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831081)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.20.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831081/; classtype:trojan-activity;sid:83694181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831080)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.203.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831080/; classtype:trojan-activity;sid:83694180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831078)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/predator.ppc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"38.45.200.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831078/; classtype:trojan-activity;sid:83694178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831079)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"38.45.200.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831079/; classtype:trojan-activity;sid:83694179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831077)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.192.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831077/; classtype:trojan-activity;sid:83694177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831074)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/predator.mips"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"38.45.200.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831074/; classtype:trojan-activity;sid:83694174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831075)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/predator.arm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"38.45.200.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831075/; classtype:trojan-activity;sid:83694175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831076)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/predator.x86"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"38.45.200.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831076/; classtype:trojan-activity;sid:83694176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831068)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/predator.m68k"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"38.45.200.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831068/; classtype:trojan-activity;sid:83694168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831069)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/predator.mpsl"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"38.45.200.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831069/; classtype:trojan-activity;sid:83694169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831070)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/predator.sh4"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"38.45.200.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831070/; classtype:trojan-activity;sid:83694170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831071)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/predator.arm6"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"38.45.200.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831071/; classtype:trojan-activity;sid:83694171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831072)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/predator.arm5"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"38.45.200.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831072/; classtype:trojan-activity;sid:83694172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831073)"; flow:established,from_client; content:"GET"; http_method; content:"/bin/predator.spc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"38.45.200.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831073/; classtype:trojan-activity;sid:83694173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831067)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.79.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831067/; classtype:trojan-activity;sid:83694167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831065)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"179.43.190.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831065/; classtype:trojan-activity;sid:83694165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831066)"; flow:established,from_client; content:"GET"; http_method; content:"/i6"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"179.43.190.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831066/; classtype:trojan-activity;sid:83694166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831055)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.43.190.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831055/; classtype:trojan-activity;sid:83694155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831056)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.43.190.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831056/; classtype:trojan-activity;sid:83694156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831057)"; flow:established,from_client; content:"GET"; http_method; content:"/i5"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"179.43.190.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831057/; classtype:trojan-activity;sid:83694157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831058)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"179.43.190.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831058/; classtype:trojan-activity;sid:83694158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831059)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"179.43.190.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831059/; classtype:trojan-activity;sid:83694159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831060)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"179.43.190.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831060/; classtype:trojan-activity;sid:83694160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831061)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.43.190.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831061/; classtype:trojan-activity;sid:83694161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831062)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.43.190.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831062/; classtype:trojan-activity;sid:83694162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831063)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"179.43.190.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831063/; classtype:trojan-activity;sid:83694163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831064)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.43.190.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831064/; classtype:trojan-activity;sid:83694164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831054)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.138.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831054/; classtype:trojan-activity;sid:83694154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831053)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.197.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831053/; classtype:trojan-activity;sid:83694153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831052)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.134.173.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831052/; classtype:trojan-activity;sid:83694152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831051)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.195.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831051/; classtype:trojan-activity;sid:83694151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831050)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.25.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831050/; classtype:trojan-activity;sid:83694150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831049)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.53.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831049/; classtype:trojan-activity;sid:83694149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831047)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.46.204.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831047/; classtype:trojan-activity;sid:83694147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831048)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.21.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831048/; classtype:trojan-activity;sid:83694148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831046)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r-m-6.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.14.226.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831046/; classtype:trojan-activity;sid:83694146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831045)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"179.43.190.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831045/; classtype:trojan-activity;sid:83694145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831044)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"179.43.190.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831044/; classtype:trojan-activity;sid:83694144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831043)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.237.5.91"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831043/; classtype:trojan-activity;sid:83694143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831042)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.20.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831042/; classtype:trojan-activity;sid:83694142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831041)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.201.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831041/; classtype:trojan-activity;sid:83694141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831040)"; flow:established,from_client; content:"GET"; http_method; content:"/scdsshfk"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"hfs.t1linux.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831040/; classtype:trojan-activity;sid:83694140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831039)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.151.75.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831039/; classtype:trojan-activity;sid:83694139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831038)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.201.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831038/; classtype:trojan-activity;sid:83694138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831037)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.222.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831037/; classtype:trojan-activity;sid:83694137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831036)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.56.0.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831036/; classtype:trojan-activity;sid:83694136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831035)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.101.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831035/; classtype:trojan-activity;sid:83694135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831034)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.207.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831034/; classtype:trojan-activity;sid:83694134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831033)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.28.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831033/; classtype:trojan-activity;sid:83694133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831032)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-6.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.14.226.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831032/; classtype:trojan-activity;sid:83694132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831031)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.195.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831031/; classtype:trojan-activity;sid:83694131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831030)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.178.94.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831030/; classtype:trojan-activity;sid:83694130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831029)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.251.160.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831029/; classtype:trojan-activity;sid:83694129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831028)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.79.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831028/; classtype:trojan-activity;sid:83694128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831027)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.0.228"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831027/; classtype:trojan-activity;sid:83694127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831026)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"38.45.200.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831026/; classtype:trojan-activity;sid:83694126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831025)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"38.45.200.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831025/; classtype:trojan-activity;sid:83694125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831019)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"38.45.200.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831019/; classtype:trojan-activity;sid:83694119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831020)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"38.45.200.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831020/; classtype:trojan-activity;sid:83694120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831021)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"38.45.200.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831021/; classtype:trojan-activity;sid:83694121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831022)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"38.45.200.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831022/; classtype:trojan-activity;sid:83694122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831023)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"38.45.200.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831023/; classtype:trojan-activity;sid:83694123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831024)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"38.45.200.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831024/; classtype:trojan-activity;sid:83694124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831018)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"38.45.200.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831018/; classtype:trojan-activity;sid:83694118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831015)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cecilio.network"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831015/; classtype:trojan-activity;sid:83694115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831016)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"cecilio.network"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831016/; classtype:trojan-activity;sid:83694116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831017)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cecilio.network"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831017/; classtype:trojan-activity;sid:83694117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831013)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cecilio.network"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831013/; classtype:trojan-activity;sid:83694113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831014)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cecilio.network"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831014/; classtype:trojan-activity;sid:83694114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831012)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cecilio.network"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831012/; classtype:trojan-activity;sid:83694112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831007)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cecilio.network"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831007/; classtype:trojan-activity;sid:83694107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831008)"; flow:established,from_client; content:"GET"; http_method; content:"/gocl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cecilio.network"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831008/; classtype:trojan-activity;sid:83694108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831009)"; flow:established,from_client; content:"GET"; http_method; content:"/irz"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"cecilio.network"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831009/; classtype:trojan-activity;sid:83694109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831010)"; flow:established,from_client; content:"GET"; http_method; content:"/z.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cecilio.network"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831010/; classtype:trojan-activity;sid:83694110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831011)"; flow:established,from_client; content:"GET"; http_method; content:"/linksys"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"cecilio.network"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831011/; classtype:trojan-activity;sid:83694111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831006)"; flow:established,from_client; content:"GET"; http_method; content:"/ipc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"cecilio.network"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831006/; classtype:trojan-activity;sid:83694106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830997)"; flow:established,from_client; content:"GET"; http_method; content:"/li"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"cecilio.network"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830997/; classtype:trojan-activity;sid:83694097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830998)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"cecilio.network"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830998/; classtype:trojan-activity;sid:83694098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830999)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"cecilio.network"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830999/; classtype:trojan-activity;sid:83694099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831000)"; flow:established,from_client; content:"GET"; http_method; content:"/weed"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cecilio.network"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831000/; classtype:trojan-activity;sid:83694100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831001)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cecilio.network"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831001/; classtype:trojan-activity;sid:83694101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831002)"; flow:established,from_client; content:"GET"; http_method; content:"/k.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cecilio.network"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831002/; classtype:trojan-activity;sid:83694102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831003)"; flow:established,from_client; content:"GET"; http_method; content:"/jaws"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cecilio.network"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831003/; classtype:trojan-activity;sid:83694103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831004)"; flow:established,from_client; content:"GET"; http_method; content:"/d.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"cecilio.network"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831004/; classtype:trojan-activity;sid:83694104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2831005)"; flow:established,from_client; content:"GET"; http_method; content:"/bx"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"cecilio.network"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2831005/; classtype:trojan-activity;sid:83694105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830996)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.135.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830996/; classtype:trojan-activity;sid:83694096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830995)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.27.37.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830995/; classtype:trojan-activity;sid:83694095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830994)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.sh"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"94.156.79.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830994/; classtype:trojan-activity;sid:83694094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830993)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.215.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830993/; classtype:trojan-activity;sid:83694093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830992)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.180.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830992/; classtype:trojan-activity;sid:83694092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830991)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.207.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830991/; classtype:trojan-activity;sid:83694091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830990)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.11.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830990/; classtype:trojan-activity;sid:83694090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830989)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.133.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830989/; classtype:trojan-activity;sid:83694089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830988)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.135.47"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830988/; classtype:trojan-activity;sid:83694088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830987)"; flow:established,from_client; content:"GET"; http_method; content:"//f"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"84.54.51.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830987/; classtype:trojan-activity;sid:83694087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830986)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.141.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830986/; classtype:trojan-activity;sid:83694086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830985)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.251.160.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830985/; classtype:trojan-activity;sid:83694085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830984)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.94.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830984/; classtype:trojan-activity;sid:83694084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830983)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"150.95.112.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830983/; classtype:trojan-activity;sid:83694083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830982)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"150.95.112.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830982/; classtype:trojan-activity;sid:83694082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830981)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"150.95.112.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830981/; classtype:trojan-activity;sid:83694081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830980)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"150.95.112.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830980/; classtype:trojan-activity;sid:83694080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830979)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"150.95.112.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830979/; classtype:trojan-activity;sid:83694079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830978)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"150.95.112.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830978/; classtype:trojan-activity;sid:83694078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830977)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"150.95.112.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830977/; classtype:trojan-activity;sid:83694077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830976)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"150.95.112.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830976/; classtype:trojan-activity;sid:83694076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830975)"; flow:established,from_client; content:"GET"; http_method; content:"/file/neverlose_free.zip"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"myfile.neverlose.pl"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830975/; classtype:trojan-activity;sid:83694075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830974)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"150.95.112.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830974/; classtype:trojan-activity;sid:83694074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830972)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"150.95.112.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830972/; classtype:trojan-activity;sid:83694072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830973)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"150.95.112.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830973/; classtype:trojan-activity;sid:83694073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830971)"; flow:established,from_client; content:"GET"; http_method; content:"/m-6.8-k.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.14.226.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830971/; classtype:trojan-activity;sid:83694071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830966)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.14.226.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830966/; classtype:trojan-activity;sid:83694066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830967)"; flow:established,from_client; content:"GET"; http_method; content:"/sakura.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.14.226.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830967/; classtype:trojan-activity;sid:83694067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830968)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.14.226.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830968/; classtype:trojan-activity;sid:83694068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830970)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"103.14.226.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830970/; classtype:trojan-activity;sid:83694070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830965)"; flow:established,from_client; content:"GET"; http_method; content:"/dwnload/cheat.php|3f|kiddionsmodmenu"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"hrwejtrgrsdfg.top"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830965/; classtype:trojan-activity;sid:83694065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830963)"; flow:established,from_client; content:"GET"; http_method; content:"/kampfkarren/roblox/files/15001743/roexec.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830963/; classtype:trojan-activity;sid:83694063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830964)"; flow:established,from_client; content:"GET"; http_method; content:"/server4/v4_file_x86_x64.rar"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"marvelesol.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830964/; classtype:trojan-activity;sid:83694064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830960)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.225.219.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830960/; classtype:trojan-activity;sid:83694060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830961)"; flow:established,from_client; content:"GET"; http_method; content:"/inj"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"77.221.149.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830961/; classtype:trojan-activity;sid:83694061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830962)"; flow:established,from_client; content:"GET"; http_method; content:"/8420e83ceb95f3af/nss3.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.172.128.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830962/; classtype:trojan-activity;sid:83694062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830959)"; flow:established,from_client; content:"GET"; http_method; content:"/b7d0cfdb1d966bdd/sqlite3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.172.128.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830959/; classtype:trojan-activity;sid:83694059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830958)"; flow:established,from_client; content:"GET"; http_method; content:"/b7d0cfdb1d966bdd/nss3.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.172.128.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830958/; classtype:trojan-activity;sid:83694058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830954)"; flow:established,from_client; content:"GET"; http_method; content:"/b7d0cfdb1d966bdd/msvcp140.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"185.172.128.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830954/; classtype:trojan-activity;sid:83694054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830955)"; flow:established,from_client; content:"GET"; http_method; content:"/delta-io/delta/files/15016110/delta.zip"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830955/; classtype:trojan-activity;sid:83694055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830956)"; flow:established,from_client; content:"GET"; http_method; content:"/b7d0cfdb1d966bdd/softokn3.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"185.172.128.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830956/; classtype:trojan-activity;sid:83694056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830957)"; flow:established,from_client; content:"GET"; http_method; content:"/b7d0cfdb1d966bdd/mozglue.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.172.128.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830957/; classtype:trojan-activity;sid:83694057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830952)"; flow:established,from_client; content:"GET"; http_method; content:"/b7d0cfdb1d966bdd/freebl3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.172.128.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830952/; classtype:trojan-activity;sid:83694052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830953)"; flow:established,from_client; content:"GET"; http_method; content:"/b7d0cfdb1d966bdd/vcruntime140.dll"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"185.172.128.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830953/; classtype:trojan-activity;sid:83694053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830941)"; flow:established,from_client; content:"GET"; http_method; content:"/and"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"150.95.112.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830941/; classtype:trojan-activity;sid:83694041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830942)"; flow:established,from_client; content:"GET"; http_method; content:"/8420e83ceb95f3af/freebl3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.172.128.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830942/; classtype:trojan-activity;sid:83694042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830943)"; flow:established,from_client; content:"GET"; http_method; content:"/8420e83ceb95f3af/msvcp140.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"185.172.128.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830943/; classtype:trojan-activity;sid:83694043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830944)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"150.95.112.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830944/; classtype:trojan-activity;sid:83694044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830945)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"14.225.203.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830945/; classtype:trojan-activity;sid:83694045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830946)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.225.203.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830946/; classtype:trojan-activity;sid:83694046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830947)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"14.225.219.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830947/; classtype:trojan-activity;sid:83694047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830948)"; flow:established,from_client; content:"GET"; http_method; content:"/8420e83ceb95f3af/sqlite3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.172.128.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830948/; classtype:trojan-activity;sid:83694048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830949)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"14.225.219.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830949/; classtype:trojan-activity;sid:83694049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830950)"; flow:established,from_client; content:"GET"; http_method; content:"/8420e83ceb95f3af/mozglue.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.172.128.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830950/; classtype:trojan-activity;sid:83694050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830951)"; flow:established,from_client; content:"GET"; http_method; content:"/telnet"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"150.95.112.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830951/; classtype:trojan-activity;sid:83694051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830940)"; flow:established,from_client; content:"GET"; http_method; content:"/8420e83ceb95f3af/softokn3.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"185.172.128.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830940/; classtype:trojan-activity;sid:83694040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830939)"; flow:established,from_client; content:"GET"; http_method; content:"/8420e83ceb95f3af/vcruntime140.dll"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"185.172.128.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830939/; classtype:trojan-activity;sid:83694039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830938)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.79.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830938/; classtype:trojan-activity;sid:83694038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830930)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.133.47.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830930/; classtype:trojan-activity;sid:83694030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830927)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.193.120.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830927/; classtype:trojan-activity;sid:83694027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830928)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.52.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830928/; classtype:trojan-activity;sid:83694028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830929)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.189.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830929/; classtype:trojan-activity;sid:83694029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830926)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.110.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830926/; classtype:trojan-activity;sid:83694026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830925)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.74.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830925/; classtype:trojan-activity;sid:83694025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830923)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.14.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830923/; classtype:trojan-activity;sid:83694023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830924)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.173.112.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830924/; classtype:trojan-activity;sid:83694024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830921)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.92.254.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830921/; classtype:trojan-activity;sid:83694021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830922)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.92.254.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830922/; classtype:trojan-activity;sid:83694022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830916)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.92.254.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830916/; classtype:trojan-activity;sid:83694016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830917)"; flow:established,from_client; content:"GET"; http_method; content:"/li"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.92.254.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830917/; classtype:trojan-activity;sid:83694017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830918)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.92.254.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830918/; classtype:trojan-activity;sid:83694018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830919)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.92.254.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830919/; classtype:trojan-activity;sid:83694019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830920)"; flow:established,from_client; content:"GET"; http_method; content:"/adb"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"91.92.254.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830920/; classtype:trojan-activity;sid:83694020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830911)"; flow:established,from_client; content:"GET"; http_method; content:"/g"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.92.254.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830911/; classtype:trojan-activity;sid:83694011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830912)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.92.254.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830912/; classtype:trojan-activity;sid:83694012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830913)"; flow:established,from_client; content:"GET"; http_method; content:"/jaws"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.92.254.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830913/; classtype:trojan-activity;sid:83694013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830914)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.92.254.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830914/; classtype:trojan-activity;sid:83694014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830915)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"91.92.254.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830915/; classtype:trojan-activity;sid:83694015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830907)"; flow:established,from_client; content:"GET"; http_method; content:"/bx"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.92.254.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830907/; classtype:trojan-activity;sid:83694007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830908)"; flow:established,from_client; content:"GET"; http_method; content:"/weed"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.92.254.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830908/; classtype:trojan-activity;sid:83694008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830909)"; flow:established,from_client; content:"GET"; http_method; content:"/z.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.92.254.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830909/; classtype:trojan-activity;sid:83694009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830910)"; flow:established,from_client; content:"GET"; http_method; content:"/linksys"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"91.92.254.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830910/; classtype:trojan-activity;sid:83694010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830906)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.152.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830906/; classtype:trojan-activity;sid:83694006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830905)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.2.110.201"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830905/; classtype:trojan-activity;sid:83694005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830904)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.103.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830904/; classtype:trojan-activity;sid:83694004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830903)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.207.87"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830903/; classtype:trojan-activity;sid:83694003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830901)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.145.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830901/; classtype:trojan-activity;sid:83694001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830902)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.152.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830902/; classtype:trojan-activity;sid:83694002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830900)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.141.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830900/; classtype:trojan-activity;sid:83694000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830899)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.8.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830899/; classtype:trojan-activity;sid:83693999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830898)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.126.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830898/; classtype:trojan-activity;sid:83693998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830897)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.201.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830897/; classtype:trojan-activity;sid:83693997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830892)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.13.119.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830892/; classtype:trojan-activity;sid:83693992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830893)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.13.119.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830893/; classtype:trojan-activity;sid:83693993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830894)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.13.119.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830894/; classtype:trojan-activity;sid:83693994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830895)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.13.119.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830895/; classtype:trojan-activity;sid:83693995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830896)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.13.119.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830896/; classtype:trojan-activity;sid:83693996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830889)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.13.119.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830889/; classtype:trojan-activity;sid:83693989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830890)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.13.119.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830890/; classtype:trojan-activity;sid:83693990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830891)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.13.119.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830891/; classtype:trojan-activity;sid:83693991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830887)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.13.119.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830887/; classtype:trojan-activity;sid:83693987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830888)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.13.119.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830888/; classtype:trojan-activity;sid:83693988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830881)"; flow:established,from_client; content:"GET"; http_method; content:"/jaws"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.13.119.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830881/; classtype:trojan-activity;sid:83693981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830882)"; flow:established,from_client; content:"GET"; http_method; content:"/g"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.13.119.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830882/; classtype:trojan-activity;sid:83693982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830883)"; flow:established,from_client; content:"GET"; http_method; content:"/l"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.13.119.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830883/; classtype:trojan-activity;sid:83693983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830884)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.13.119.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830884/; classtype:trojan-activity;sid:83693984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830885)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.13.119.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830885/; classtype:trojan-activity;sid:83693985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830886)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.13.119.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830886/; classtype:trojan-activity;sid:83693986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830875)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/skid.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.13.119.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830875/; classtype:trojan-activity;sid:83693975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830876)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/skid.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.13.119.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830876/; classtype:trojan-activity;sid:83693976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830877)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/skid.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.13.119.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830877/; classtype:trojan-activity;sid:83693977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830878)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/skid.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.13.119.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830878/; classtype:trojan-activity;sid:83693978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830879)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/skid.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.13.119.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830879/; classtype:trojan-activity;sid:83693979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830880)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/skid.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.13.119.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830880/; classtype:trojan-activity;sid:83693980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830873)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/skid.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.13.119.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830873/; classtype:trojan-activity;sid:83693973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830874)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/skid.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.13.119.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830874/; classtype:trojan-activity;sid:83693974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830870)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/skid.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.13.119.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830870/; classtype:trojan-activity;sid:83693970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830871)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/skid.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"45.13.119.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830871/; classtype:trojan-activity;sid:83693971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830872)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/skid.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.13.119.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830872/; classtype:trojan-activity;sid:83693972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830869)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.204.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830869/; classtype:trojan-activity;sid:83693969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830868)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.221.247.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830868/; classtype:trojan-activity;sid:83693968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830867)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.233.214.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830867/; classtype:trojan-activity;sid:83693967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830866)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.203.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830866/; classtype:trojan-activity;sid:83693966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830865)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.99.201.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830865/; classtype:trojan-activity;sid:83693965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830864)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.155.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830864/; classtype:trojan-activity;sid:83693964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830863)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.213.212.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830863/; classtype:trojan-activity;sid:83693963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830862)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.9.14"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830862/; classtype:trojan-activity;sid:83693962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830861)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.198.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830861/; classtype:trojan-activity;sid:83693961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830860)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.231.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830860/; classtype:trojan-activity;sid:83693960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830857)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.30.235"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830857/; classtype:trojan-activity;sid:83693957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830858)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.151.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830858/; classtype:trojan-activity;sid:83693958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830859)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.14.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830859/; classtype:trojan-activity;sid:83693959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830856)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.236.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830856/; classtype:trojan-activity;sid:83693956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830855)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.251.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830855/; classtype:trojan-activity;sid:83693955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830852)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.113.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830852/; classtype:trojan-activity;sid:83693952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830853)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.61.93.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830853/; classtype:trojan-activity;sid:83693953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830854)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.71.34"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830854/; classtype:trojan-activity;sid:83693954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830851)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.202.207.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830851/; classtype:trojan-activity;sid:83693951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830849)"; flow:established,from_client; content:"GET"; http_method; content:"//bot.ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"150.95.112.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830849/; classtype:trojan-activity;sid:83693949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830850)"; flow:established,from_client; content:"GET"; http_method; content:"//bot.arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"150.95.112.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830850/; classtype:trojan-activity;sid:83693950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830848)"; flow:established,from_client; content:"GET"; http_method; content:"//bot.x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"150.95.112.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830848/; classtype:trojan-activity;sid:83693948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830847)"; flow:established,from_client; content:"GET"; http_method; content:"//bot.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"150.95.112.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830847/; classtype:trojan-activity;sid:83693947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830845)"; flow:established,from_client; content:"GET"; http_method; content:"//bot.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"150.95.112.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830845/; classtype:trojan-activity;sid:83693945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830846)"; flow:established,from_client; content:"GET"; http_method; content:"//bot.mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"150.95.112.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830846/; classtype:trojan-activity;sid:83693946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830844)"; flow:established,from_client; content:"GET"; http_method; content:"//bot.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"150.95.112.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830844/; classtype:trojan-activity;sid:83693944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830843)"; flow:established,from_client; content:"GET"; http_method; content:"//bot.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"150.95.112.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830843/; classtype:trojan-activity;sid:83693943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830842)"; flow:established,from_client; content:"GET"; http_method; content:"//bot.m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"150.95.112.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830842/; classtype:trojan-activity;sid:83693942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830841)"; flow:established,from_client; content:"GET"; http_method; content:"//bot.x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"150.95.112.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830841/; classtype:trojan-activity;sid:83693941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830840)"; flow:established,from_client; content:"GET"; http_method; content:"//bot.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"150.95.112.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830840/; classtype:trojan-activity;sid:83693940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830839)"; flow:established,from_client; content:"GET"; http_method; content:"//debug.dbg"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"150.95.112.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830839/; classtype:trojan-activity;sid:83693939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830837)"; flow:established,from_client; content:"GET"; http_method; content:"//telnet"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"150.95.112.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830837/; classtype:trojan-activity;sid:83693937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830838)"; flow:established,from_client; content:"GET"; http_method; content:"//and"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"150.95.112.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830838/; classtype:trojan-activity;sid:83693938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830836)"; flow:established,from_client; content:"GET"; http_method; content:"//a"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"150.95.112.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830836/; classtype:trojan-activity;sid:83693936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830835)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"150.95.112.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830835/; classtype:trojan-activity;sid:83693935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830834)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.205.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830834/; classtype:trojan-activity;sid:83693934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830833)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.115.172.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830833/; classtype:trojan-activity;sid:83693933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830832)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.231.203.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830832/; classtype:trojan-activity;sid:83693932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830831)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.214.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830831/; classtype:trojan-activity;sid:83693931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830830)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.115.172.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830830/; classtype:trojan-activity;sid:83693930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830829)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.133.45.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830829/; classtype:trojan-activity;sid:83693929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830828)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.204.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830828/; classtype:trojan-activity;sid:83693928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830827)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.0.254"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830827/; classtype:trojan-activity;sid:83693927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830826)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.40.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830826/; classtype:trojan-activity;sid:83693926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830825)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.172.21.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830825/; classtype:trojan-activity;sid:83693925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830824)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.150.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830824/; classtype:trojan-activity;sid:83693924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830823)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.221.247.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830823/; classtype:trojan-activity;sid:83693923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830822)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.196.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830822/; classtype:trojan-activity;sid:83693922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830821)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.202.207.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830821/; classtype:trojan-activity;sid:83693921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830820)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.9.100"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830820/; classtype:trojan-activity;sid:83693920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830819)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.207.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830819/; classtype:trojan-activity;sid:83693919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830818)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/syms.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"64.23.184.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830818/; classtype:trojan-activity;sid:83693918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830817)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/syms.i686"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"64.23.184.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830817/; classtype:trojan-activity;sid:83693917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830807)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/syms.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"64.23.184.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830807/; classtype:trojan-activity;sid:83693907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830808)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/syms.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"64.23.184.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830808/; classtype:trojan-activity;sid:83693908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830809)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/syms.x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"64.23.184.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830809/; classtype:trojan-activity;sid:83693909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830810)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/syms.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"64.23.184.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830810/; classtype:trojan-activity;sid:83693910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830811)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/syms.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"64.23.184.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830811/; classtype:trojan-activity;sid:83693911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830812)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/syms.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"64.23.184.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830812/; classtype:trojan-activity;sid:83693912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830813)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/syms.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"64.23.184.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830813/; classtype:trojan-activity;sid:83693913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830814)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/syms.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"64.23.184.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830814/; classtype:trojan-activity;sid:83693914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830815)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/syms.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"64.23.184.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830815/; classtype:trojan-activity;sid:83693915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830816)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/syms.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"64.23.184.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830816/; classtype:trojan-activity;sid:83693916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830806)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.61.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830806/; classtype:trojan-activity;sid:83693906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830805)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.204.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830805/; classtype:trojan-activity;sid:83693905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830804)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"101.108.251.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830804/; classtype:trojan-activity;sid:83693904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830803)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.81.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830803/; classtype:trojan-activity;sid:83693903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830802)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.196.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830802/; classtype:trojan-activity;sid:83693902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830801)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.16.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830801/; classtype:trojan-activity;sid:83693901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830800)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.79.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830800/; classtype:trojan-activity;sid:83693900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830799)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.204.236"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830799/; classtype:trojan-activity;sid:83693899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830798)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.88.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830798/; classtype:trojan-activity;sid:83693898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830797)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.206.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830797/; classtype:trojan-activity;sid:83693897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830796)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.108.251.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830796/; classtype:trojan-activity;sid:83693896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830795)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.133.45.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830795/; classtype:trojan-activity;sid:83693895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830794)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.61.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830794/; classtype:trojan-activity;sid:83693894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830793)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.176.107.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830793/; classtype:trojan-activity;sid:83693893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830792)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.84.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830792/; classtype:trojan-activity;sid:83693892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830791)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.199.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830791/; classtype:trojan-activity;sid:83693891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830790)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.7.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830790/; classtype:trojan-activity;sid:83693890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830789)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.193.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830789/; classtype:trojan-activity;sid:83693889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830788)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.41.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830788/; classtype:trojan-activity;sid:83693888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830787)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.208.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830787/; classtype:trojan-activity;sid:83693887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830786)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.34.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830786/; classtype:trojan-activity;sid:83693886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830785)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.179.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830785/; classtype:trojan-activity;sid:83693885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830784)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.109.47.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830784/; classtype:trojan-activity;sid:83693884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830783)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.206.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830783/; classtype:trojan-activity;sid:83693883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830782)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.252.164.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830782/; classtype:trojan-activity;sid:83693882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830781)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.227.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830781/; classtype:trojan-activity;sid:83693881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830779)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.66.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830779/; classtype:trojan-activity;sid:83693879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830780)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.32.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830780/; classtype:trojan-activity;sid:83693880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830778)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.199.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830778/; classtype:trojan-activity;sid:83693878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830777)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.23.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830777/; classtype:trojan-activity;sid:83693877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830776)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.36.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830776/; classtype:trojan-activity;sid:83693876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830775)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.203.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830775/; classtype:trojan-activity;sid:83693875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830774)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.33.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830774/; classtype:trojan-activity;sid:83693874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830773)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.51.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830773/; classtype:trojan-activity;sid:83693873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830772)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.129.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830772/; classtype:trojan-activity;sid:83693872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830771)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.113.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830771/; classtype:trojan-activity;sid:83693871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830770)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.121.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830770/; classtype:trojan-activity;sid:83693870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830769)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.135.130.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830769/; classtype:trojan-activity;sid:83693869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830768)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.34.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830768/; classtype:trojan-activity;sid:83693868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830767)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.227.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830767/; classtype:trojan-activity;sid:83693867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830766)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.58.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830766/; classtype:trojan-activity;sid:83693866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830764)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.191.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830764/; classtype:trojan-activity;sid:83693864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830765)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.134.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830765/; classtype:trojan-activity;sid:83693865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830763)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.111.102.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830763/; classtype:trojan-activity;sid:83693863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830762)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2.185.140.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830762/; classtype:trojan-activity;sid:83693862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830761)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.70.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830761/; classtype:trojan-activity;sid:83693861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830760)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.238.25.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830760/; classtype:trojan-activity;sid:83693860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830759)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.49.53.192"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830759/; classtype:trojan-activity;sid:83693859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830758)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.80.237"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830758/; classtype:trojan-activity;sid:83693858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830757)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.210.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830757/; classtype:trojan-activity;sid:83693857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830756)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.203.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830756/; classtype:trojan-activity;sid:83693856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830755)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.201.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830755/; classtype:trojan-activity;sid:83693855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830754)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.164.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830754/; classtype:trojan-activity;sid:83693854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830753)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.32.182"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830753/; classtype:trojan-activity;sid:83693853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830752)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.219.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830752/; classtype:trojan-activity;sid:83693852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830751)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.23.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830751/; classtype:trojan-activity;sid:83693851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830750)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.121.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830750/; classtype:trojan-activity;sid:83693850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830749)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.209.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830749/; classtype:trojan-activity;sid:83693849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830748)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.189.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830748/; classtype:trojan-activity;sid:83693848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830747)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.240.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830747/; classtype:trojan-activity;sid:83693847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830746)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.135.130.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830746/; classtype:trojan-activity;sid:83693846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830745)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.182.97.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830745/; classtype:trojan-activity;sid:83693845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830744)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.69.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830744/; classtype:trojan-activity;sid:83693844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830743)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.199.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830743/; classtype:trojan-activity;sid:83693843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830742)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.111.102.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830742/; classtype:trojan-activity;sid:83693842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830741)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.95.10"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830741/; classtype:trojan-activity;sid:83693841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830740)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.58.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830740/; classtype:trojan-activity;sid:83693840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830738)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.227.95.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830738/; classtype:trojan-activity;sid:83693838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830739)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.85.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830739/; classtype:trojan-activity;sid:83693839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830737)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.92.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830737/; classtype:trojan-activity;sid:83693837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830736)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.219.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830736/; classtype:trojan-activity;sid:83693836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830735)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.26.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830735/; classtype:trojan-activity;sid:83693835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830734)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.168.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830734/; classtype:trojan-activity;sid:83693834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830733)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.174.238.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830733/; classtype:trojan-activity;sid:83693833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830732)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.177.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830732/; classtype:trojan-activity;sid:83693832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830731)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.86.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830731/; classtype:trojan-activity;sid:83693831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830730)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.48.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830730/; classtype:trojan-activity;sid:83693830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830729)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.234.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830729/; classtype:trojan-activity;sid:83693829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830728)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.20.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830728/; classtype:trojan-activity;sid:83693828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830727)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"152.160.185.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830727/; classtype:trojan-activity;sid:83693827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830726)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.234.84.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830726/; classtype:trojan-activity;sid:83693826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830725)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.197.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830725/; classtype:trojan-activity;sid:83693825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830724)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.92.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830724/; classtype:trojan-activity;sid:83693824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830723)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.227.95.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830723/; classtype:trojan-activity;sid:83693823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830720)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.249.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830720/; classtype:trojan-activity;sid:83693820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830721)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.140.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830721/; classtype:trojan-activity;sid:83693821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830722)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.117.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830722/; classtype:trojan-activity;sid:83693822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830719)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.24.36.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830719/; classtype:trojan-activity;sid:83693819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830718)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.251.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830718/; classtype:trojan-activity;sid:83693818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830717)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"164.163.25.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830717/; classtype:trojan-activity;sid:83693817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830716)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.192.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830716/; classtype:trojan-activity;sid:83693816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830715)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.166.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830715/; classtype:trojan-activity;sid:83693815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830714)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.26.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830714/; classtype:trojan-activity;sid:83693814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830713)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.80.237"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830713/; classtype:trojan-activity;sid:83693813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830712)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.9.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830712/; classtype:trojan-activity;sid:83693812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830711)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.97.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830711/; classtype:trojan-activity;sid:83693811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830710)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.234.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830710/; classtype:trojan-activity;sid:83693810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830709)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.141.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830709/; classtype:trojan-activity;sid:83693809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830708)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.85.23"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830708/; classtype:trojan-activity;sid:83693808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830707)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.73.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830707/; classtype:trojan-activity;sid:83693807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830706)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.115.85.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830706/; classtype:trojan-activity;sid:83693806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830705)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.163.228.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830705/; classtype:trojan-activity;sid:83693805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830704)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.249.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830704/; classtype:trojan-activity;sid:83693804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830703)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.33.156"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830703/; classtype:trojan-activity;sid:83693803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830702)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.240.211.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830702/; classtype:trojan-activity;sid:83693802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830701)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.71.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830701/; classtype:trojan-activity;sid:83693801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830700)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.11.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830700/; classtype:trojan-activity;sid:83693800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830698)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.115.85.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830698/; classtype:trojan-activity;sid:83693798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830699)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.65.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830699/; classtype:trojan-activity;sid:83693799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830697)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.9.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830697/; classtype:trojan-activity;sid:83693797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830696)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.134.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830696/; classtype:trojan-activity;sid:83693796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830695)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.166.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830695/; classtype:trojan-activity;sid:83693795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830694)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.39.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830694/; classtype:trojan-activity;sid:83693794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830693)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.33.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830693/; classtype:trojan-activity;sid:83693793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830692)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.235.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830692/; classtype:trojan-activity;sid:83693792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830691)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.36.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830691/; classtype:trojan-activity;sid:83693791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830690)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.13.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830690/; classtype:trojan-activity;sid:83693790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830689)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.65.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830689/; classtype:trojan-activity;sid:83693789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830688)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.192.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830688/; classtype:trojan-activity;sid:83693788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830687)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.15.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830687/; classtype:trojan-activity;sid:83693787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830686)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.61.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830686/; classtype:trojan-activity;sid:83693786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830685)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.205.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830685/; classtype:trojan-activity;sid:83693785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830684)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.239.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830684/; classtype:trojan-activity;sid:83693784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830683)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.213.186.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830683/; classtype:trojan-activity;sid:83693783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830682)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.235.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830682/; classtype:trojan-activity;sid:83693782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830681)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.119.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830681/; classtype:trojan-activity;sid:83693781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830680)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.227.95.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830680/; classtype:trojan-activity;sid:83693780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830679)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.197.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830679/; classtype:trojan-activity;sid:83693779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830678)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.196.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830678/; classtype:trojan-activity;sid:83693778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830677)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.33.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830677/; classtype:trojan-activity;sid:83693777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830676)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.36.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830676/; classtype:trojan-activity;sid:83693776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830675)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.57.27.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830675/; classtype:trojan-activity;sid:83693775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830674)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.13.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830674/; classtype:trojan-activity;sid:83693774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830673)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.61.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830673/; classtype:trojan-activity;sid:83693773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830672)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.179.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830672/; classtype:trojan-activity;sid:83693772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830671)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"92.154.92.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830671/; classtype:trojan-activity;sid:83693771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830670)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.182.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830670/; classtype:trojan-activity;sid:83693770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830668)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.109.47.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830668/; classtype:trojan-activity;sid:83693768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830669)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.57.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830669/; classtype:trojan-activity;sid:83693769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830667)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.111.102.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830667/; classtype:trojan-activity;sid:83693767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830666)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.213.186.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830666/; classtype:trojan-activity;sid:83693766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830665)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.220.178.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830665/; classtype:trojan-activity;sid:83693765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830664)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.60.4.112"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830664/; classtype:trojan-activity;sid:83693764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830663)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.117.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830663/; classtype:trojan-activity;sid:83693763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830661)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.174.173.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830661/; classtype:trojan-activity;sid:83693761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830662)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.23.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830662/; classtype:trojan-activity;sid:83693762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830659)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.220.178.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830659/; classtype:trojan-activity;sid:83693759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830660)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.130.4.251"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830660/; classtype:trojan-activity;sid:83693760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830658)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.220.101.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830658/; classtype:trojan-activity;sid:83693758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830657)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.254.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830657/; classtype:trojan-activity;sid:83693757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830655)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.175.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830655/; classtype:trojan-activity;sid:83693755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830656)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.86.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830656/; classtype:trojan-activity;sid:83693756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830654)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.154.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830654/; classtype:trojan-activity;sid:83693754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830653)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"92.154.92.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830653/; classtype:trojan-activity;sid:83693753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830652)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.6.201"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830652/; classtype:trojan-activity;sid:83693752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830651)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.0.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830651/; classtype:trojan-activity;sid:83693751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830650)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.55.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830650/; classtype:trojan-activity;sid:83693750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830649)"; flow:established,from_client; content:"GET"; http_method; content:"/skid.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.13.119.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830649/; classtype:trojan-activity;sid:83693749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830648)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.117.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830648/; classtype:trojan-activity;sid:83693748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830647)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.4.112"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830647/; classtype:trojan-activity;sid:83693747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830646)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.86.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830646/; classtype:trojan-activity;sid:83693746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830645)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.247.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830645/; classtype:trojan-activity;sid:83693745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830644)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.90.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830644/; classtype:trojan-activity;sid:83693744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830643)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.154.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830643/; classtype:trojan-activity;sid:83693743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830642)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.175.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830642/; classtype:trojan-activity;sid:83693742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830640)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"92.154.92.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830640/; classtype:trojan-activity;sid:83693740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830641)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.228.199.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830641/; classtype:trojan-activity;sid:83693741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830639)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.200.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830639/; classtype:trojan-activity;sid:83693739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830637)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.182.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830637/; classtype:trojan-activity;sid:83693737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830638)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.16.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830638/; classtype:trojan-activity;sid:83693738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830635)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.171.253.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830635/; classtype:trojan-activity;sid:83693735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830636)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.101.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830636/; classtype:trojan-activity;sid:83693736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830634)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.195.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830634/; classtype:trojan-activity;sid:83693734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830633)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.55.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830633/; classtype:trojan-activity;sid:83693733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830632)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.157.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830632/; classtype:trojan-activity;sid:83693732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830631)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.211.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830631/; classtype:trojan-activity;sid:83693731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830630)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.95.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830630/; classtype:trojan-activity;sid:83693730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830628)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.202.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830628/; classtype:trojan-activity;sid:83693728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830629)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.32.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830629/; classtype:trojan-activity;sid:83693729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830627)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.41.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830627/; classtype:trojan-activity;sid:83693727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830626)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.71.34"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830626/; classtype:trojan-activity;sid:83693726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830625)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.41.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830625/; classtype:trojan-activity;sid:83693725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830624)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.16.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830624/; classtype:trojan-activity;sid:83693724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830623)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.9.149"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830623/; classtype:trojan-activity;sid:83693723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830622)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.193.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830622/; classtype:trojan-activity;sid:83693722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830621)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.202.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830621/; classtype:trojan-activity;sid:83693721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830620)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.247.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830620/; classtype:trojan-activity;sid:83693720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830618)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.240.211.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830618/; classtype:trojan-activity;sid:83693718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830619)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.121.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830619/; classtype:trojan-activity;sid:83693719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830617)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.130.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830617/; classtype:trojan-activity;sid:83693717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830616)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.157.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830616/; classtype:trojan-activity;sid:83693716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830615)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.9.149"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830615/; classtype:trojan-activity;sid:83693715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830614)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.240.211.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830614/; classtype:trojan-activity;sid:83693714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830613)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.88.232.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830613/; classtype:trojan-activity;sid:83693713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830612)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.208.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_29; reference:url, urlhaus.abuse.ch/url/2830612/; classtype:trojan-activity;sid:83693712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830611)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.192.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830611/; classtype:trojan-activity;sid:83693711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830610)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.202.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830610/; classtype:trojan-activity;sid:83693710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830609)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.41.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830609/; classtype:trojan-activity;sid:83693709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830608)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"93.176.178.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830608/; classtype:trojan-activity;sid:83693708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830607)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.4.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830607/; classtype:trojan-activity;sid:83693707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830606)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.33.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830606/; classtype:trojan-activity;sid:83693706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830605)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.130.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830605/; classtype:trojan-activity;sid:83693705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830604)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.93.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830604/; classtype:trojan-activity;sid:83693704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830603)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.240.211.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830603/; classtype:trojan-activity;sid:83693703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830601)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.235.107.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830601/; classtype:trojan-activity;sid:83693701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830602)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.30.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830602/; classtype:trojan-activity;sid:83693702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830600)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.53.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830600/; classtype:trojan-activity;sid:83693700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830599)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.214.8.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830599/; classtype:trojan-activity;sid:83693699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830598)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.180.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830598/; classtype:trojan-activity;sid:83693698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830597)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.192.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830597/; classtype:trojan-activity;sid:83693697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830596)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.178.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830596/; classtype:trojan-activity;sid:83693696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830595)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.186.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830595/; classtype:trojan-activity;sid:83693695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830594)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.221.221.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830594/; classtype:trojan-activity;sid:83693694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830593)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.210.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830593/; classtype:trojan-activity;sid:83693693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830592)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.191.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830592/; classtype:trojan-activity;sid:83693692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830591)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.53.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830591/; classtype:trojan-activity;sid:83693691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830590)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.68.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830590/; classtype:trojan-activity;sid:83693690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830589)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.249.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830589/; classtype:trojan-activity;sid:83693689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830588)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.0.117.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830588/; classtype:trojan-activity;sid:83693688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830587)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.214.8.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830587/; classtype:trojan-activity;sid:83693687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830586)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.8.140"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830586/; classtype:trojan-activity;sid:83693686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830585)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.0.138"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830585/; classtype:trojan-activity;sid:83693685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830584)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"150.107.8.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830584/; classtype:trojan-activity;sid:83693684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830583)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.49.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830583/; classtype:trojan-activity;sid:83693683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830582)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.27.37.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830582/; classtype:trojan-activity;sid:83693682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830581)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.202.78.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830581/; classtype:trojan-activity;sid:83693681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830580)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.1.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830580/; classtype:trojan-activity;sid:83693680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830579)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.220.145.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830579/; classtype:trojan-activity;sid:83693679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830578)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.8.140"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830578/; classtype:trojan-activity;sid:83693678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830577)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.68.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830577/; classtype:trojan-activity;sid:83693677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830576)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.181.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830576/; classtype:trojan-activity;sid:83693676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830575)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.174.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830575/; classtype:trojan-activity;sid:83693675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830574)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.58.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830574/; classtype:trojan-activity;sid:83693674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830573)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.49.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830573/; classtype:trojan-activity;sid:83693673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830572)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.74.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830572/; classtype:trojan-activity;sid:83693672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830571)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.4.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830571/; classtype:trojan-activity;sid:83693671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830570)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.90.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830570/; classtype:trojan-activity;sid:83693670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830569)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.229.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830569/; classtype:trojan-activity;sid:83693669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830568)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.133.45.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830568/; classtype:trojan-activity;sid:83693668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830567)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.75.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830567/; classtype:trojan-activity;sid:83693667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830566)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.159.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830566/; classtype:trojan-activity;sid:83693666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830565)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.223.130.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830565/; classtype:trojan-activity;sid:83693665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830564)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.7.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830564/; classtype:trojan-activity;sid:83693664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830563)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.210.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830563/; classtype:trojan-activity;sid:83693663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830562)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.78.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830562/; classtype:trojan-activity;sid:83693662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830561)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.145.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830561/; classtype:trojan-activity;sid:83693661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830560)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.154.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830560/; classtype:trojan-activity;sid:83693660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830559)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.162.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830559/; classtype:trojan-activity;sid:83693659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830558)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.186.204.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830558/; classtype:trojan-activity;sid:83693658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830557)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.228.199.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830557/; classtype:trojan-activity;sid:83693657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830556)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.20.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830556/; classtype:trojan-activity;sid:83693656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830554)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.139.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830554/; classtype:trojan-activity;sid:83693654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830555)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.58.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830555/; classtype:trojan-activity;sid:83693655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830553)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.41.78.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830553/; classtype:trojan-activity;sid:83693653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830552)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.131.146.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830552/; classtype:trojan-activity;sid:83693652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830551)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.197.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830551/; classtype:trojan-activity;sid:83693651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830550)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.235.215.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830550/; classtype:trojan-activity;sid:83693650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830549)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.139.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830549/; classtype:trojan-activity;sid:83693649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830548)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.235.107.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830548/; classtype:trojan-activity;sid:83693648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830547)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.89.216.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830547/; classtype:trojan-activity;sid:83693647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830546)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.241.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830546/; classtype:trojan-activity;sid:83693646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830545)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.209.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830545/; classtype:trojan-activity;sid:83693645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830544)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.146.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830544/; classtype:trojan-activity;sid:83693644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830543)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.186.204.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830543/; classtype:trojan-activity;sid:83693643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830542)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.162.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830542/; classtype:trojan-activity;sid:83693642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830541)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.238.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830541/; classtype:trojan-activity;sid:83693641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830540)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.115.85.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830540/; classtype:trojan-activity;sid:83693640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830538)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.89.216.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830538/; classtype:trojan-activity;sid:83693638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830539)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.46.196"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830539/; classtype:trojan-activity;sid:83693639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830537)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.94.148"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830537/; classtype:trojan-activity;sid:83693637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830536)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.165.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830536/; classtype:trojan-activity;sid:83693636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830535)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.101.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830535/; classtype:trojan-activity;sid:83693635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830534)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.92.254.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830534/; classtype:trojan-activity;sid:83693634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830533)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.181.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830533/; classtype:trojan-activity;sid:83693633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830532)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.180.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830532/; classtype:trojan-activity;sid:83693632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830531)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.224.246.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830531/; classtype:trojan-activity;sid:83693631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830530)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.128.17.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830530/; classtype:trojan-activity;sid:83693630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830529)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.110.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830529/; classtype:trojan-activity;sid:83693629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830528)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.238.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830528/; classtype:trojan-activity;sid:83693628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830527)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.194.55.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830527/; classtype:trojan-activity;sid:83693627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830526)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.44.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830526/; classtype:trojan-activity;sid:83693626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830525)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.111.102.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830525/; classtype:trojan-activity;sid:83693625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830524)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.145.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830524/; classtype:trojan-activity;sid:83693624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830523)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.215.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830523/; classtype:trojan-activity;sid:83693623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830522)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.69.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830522/; classtype:trojan-activity;sid:83693622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830520)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.221.221.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830520/; classtype:trojan-activity;sid:83693620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830521)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.180.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830521/; classtype:trojan-activity;sid:83693621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830519)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.251.161.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830519/; classtype:trojan-activity;sid:83693619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830518)"; flow:established,from_client; content:"GET"; http_method; content:"/mariogame.dll"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.249.112.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830518/; classtype:trojan-activity;sid:83693618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830517)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.197.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830517/; classtype:trojan-activity;sid:83693617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830516)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.251.162.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830516/; classtype:trojan-activity;sid:83693616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830515)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.200.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830515/; classtype:trojan-activity;sid:83693615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830514)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.147.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830514/; classtype:trojan-activity;sid:83693614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830513)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.110.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830513/; classtype:trojan-activity;sid:83693613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830512)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.233.147.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830512/; classtype:trojan-activity;sid:83693612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830511)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.246.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830511/; classtype:trojan-activity;sid:83693611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830509)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"82.194.55.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830509/; classtype:trojan-activity;sid:83693609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830510)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.81.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830510/; classtype:trojan-activity;sid:83693610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830508)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"170.78.69.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830508/; classtype:trojan-activity;sid:83693608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830507)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.26.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830507/; classtype:trojan-activity;sid:83693607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830506)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.97.151.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830506/; classtype:trojan-activity;sid:83693606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830505)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.108.251.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830505/; classtype:trojan-activity;sid:83693605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830503)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.245.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830503/; classtype:trojan-activity;sid:83693603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830504)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.195.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830504/; classtype:trojan-activity;sid:83693604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830502)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"156.155.112.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830502/; classtype:trojan-activity;sid:83693602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830501)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.251.161.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830501/; classtype:trojan-activity;sid:83693601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830500)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.71.238"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830500/; classtype:trojan-activity;sid:83693600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830499)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/images/steam.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"ssh44.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830499/; classtype:trojan-activity;sid:83693599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830498)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.180.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830498/; classtype:trojan-activity;sid:83693598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830497)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.113.101.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830497/; classtype:trojan-activity;sid:83693597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830496)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.125.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830496/; classtype:trojan-activity;sid:83693596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830495)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.109.229.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830495/; classtype:trojan-activity;sid:83693595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830494)"; flow:established,from_client; content:"GET"; http_method; content:"/doc5294803_669085554|3f|hash=egpxsxieqt0mlxty3afwlgq3zsqfxgiephozpuckdyh|7c|26|7c|dl=xqypfmrzesw44h7bhvqm829hg5dsvhfzsuazvr5qxjl|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830494/; classtype:trojan-activity;sid:83693594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830493)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.246.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830493/; classtype:trojan-activity;sid:83693593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830492)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.203.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830492/; classtype:trojan-activity;sid:83693592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830491)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.34.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830491/; classtype:trojan-activity;sid:83693591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830490)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.2.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830490/; classtype:trojan-activity;sid:83693590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830489)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.26.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830489/; classtype:trojan-activity;sid:83693589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830488)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"170.78.69.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830488/; classtype:trojan-activity;sid:83693588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830487)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.182.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830487/; classtype:trojan-activity;sid:83693587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830485)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.100.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830485/; classtype:trojan-activity;sid:83693585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830486)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.112.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830486/; classtype:trojan-activity;sid:83693586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830484)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.34.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830484/; classtype:trojan-activity;sid:83693584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830483)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.195.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830483/; classtype:trojan-activity;sid:83693583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830482)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.69.4.196"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830482/; classtype:trojan-activity;sid:83693582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830481)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.195.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830481/; classtype:trojan-activity;sid:83693581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830478)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.100.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830478/; classtype:trojan-activity;sid:83693578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830479)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.177.180.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830479/; classtype:trojan-activity;sid:83693579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830480)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.22.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830480/; classtype:trojan-activity;sid:83693580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830476)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.36.148.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830476/; classtype:trojan-activity;sid:83693576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830477)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.27.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830477/; classtype:trojan-activity;sid:83693577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830475)"; flow:established,from_client; content:"GET"; http_method; content:"/lander/file_294/setup294.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"evangelized.sbs"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830475/; classtype:trojan-activity;sid:83693575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830473)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.112.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830473/; classtype:trojan-activity;sid:83693573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830474)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.100.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830474/; classtype:trojan-activity;sid:83693574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830472)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.12.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830472/; classtype:trojan-activity;sid:83693572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830471)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.16.234.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830471/; classtype:trojan-activity;sid:83693571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830469)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.73.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830469/; classtype:trojan-activity;sid:83693569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830470)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.12.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830470/; classtype:trojan-activity;sid:83693570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830468)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.212.142.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830468/; classtype:trojan-activity;sid:83693568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830467)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.134.173.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830467/; classtype:trojan-activity;sid:83693567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830466)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.189.245.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830466/; classtype:trojan-activity;sid:83693566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830465)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.199.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830465/; classtype:trojan-activity;sid:83693565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830464)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.195.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830464/; classtype:trojan-activity;sid:83693564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830463)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.62.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830463/; classtype:trojan-activity;sid:83693563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830462)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.179.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830462/; classtype:trojan-activity;sid:83693562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830461)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.241.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830461/; classtype:trojan-activity;sid:83693561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830460)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.198.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830460/; classtype:trojan-activity;sid:83693560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830459)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.83.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830459/; classtype:trojan-activity;sid:83693559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830458)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.47.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830458/; classtype:trojan-activity;sid:83693558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830457)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.141.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830457/; classtype:trojan-activity;sid:83693557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830456)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.189.245.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830456/; classtype:trojan-activity;sid:83693556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830455)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.47.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830455/; classtype:trojan-activity;sid:83693555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830454)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.27.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830454/; classtype:trojan-activity;sid:83693554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830453)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.210.153.255"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830453/; classtype:trojan-activity;sid:83693553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830452)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.91.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830452/; classtype:trojan-activity;sid:83693552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830451)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.148.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830451/; classtype:trojan-activity;sid:83693551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830450)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.222.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830450/; classtype:trojan-activity;sid:83693550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830449)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.196.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830449/; classtype:trojan-activity;sid:83693549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830448)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.129.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830448/; classtype:trojan-activity;sid:83693548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830447)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.143.171.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830447/; classtype:trojan-activity;sid:83693547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830446)"; flow:established,from_client; content:"GET"; http_method; content:"/padla/fiona.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"193.233.132.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830446/; classtype:trojan-activity;sid:83693546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830445)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.188.89.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830445/; classtype:trojan-activity;sid:83693545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830444)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"195.158.11.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830444/; classtype:trojan-activity;sid:83693544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830443)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.214.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830443/; classtype:trojan-activity;sid:83693543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830442)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.241.14.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830442/; classtype:trojan-activity;sid:83693542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830441)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.16.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830441/; classtype:trojan-activity;sid:83693541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830440)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.60.175"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830440/; classtype:trojan-activity;sid:83693540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830439)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.37.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830439/; classtype:trojan-activity;sid:83693539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830438)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.44.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830438/; classtype:trojan-activity;sid:83693538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830437)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.210.153.255"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830437/; classtype:trojan-activity;sid:83693537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830436)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.252.201.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830436/; classtype:trojan-activity;sid:83693536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830435)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.65.111"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830435/; classtype:trojan-activity;sid:83693535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830434)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.90.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830434/; classtype:trojan-activity;sid:83693534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830432)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.143.99.245"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830432/; classtype:trojan-activity;sid:83693532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830433)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.188.89.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830433/; classtype:trojan-activity;sid:83693533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830431)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.47.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830431/; classtype:trojan-activity;sid:83693531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830430)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.26.121"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830430/; classtype:trojan-activity;sid:83693530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830429)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.8.183.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830429/; classtype:trojan-activity;sid:83693529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830428)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"160.176.209.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830428/; classtype:trojan-activity;sid:83693528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830427)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.60.175"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830427/; classtype:trojan-activity;sid:83693527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830426)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.207.156.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830426/; classtype:trojan-activity;sid:83693526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830425)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.22.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830425/; classtype:trojan-activity;sid:83693525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830424)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.65.111"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830424/; classtype:trojan-activity;sid:83693524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830423)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.233.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830423/; classtype:trojan-activity;sid:83693523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830422)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"175.30.76.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830422/; classtype:trojan-activity;sid:83693522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830421)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.30.112.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830421/; classtype:trojan-activity;sid:83693521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830420)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.44.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830420/; classtype:trojan-activity;sid:83693520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830419)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"160.176.209.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830419/; classtype:trojan-activity;sid:83693519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830418)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.218.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830418/; classtype:trojan-activity;sid:83693518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830417)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.140.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830417/; classtype:trojan-activity;sid:83693517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830416)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.7.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830416/; classtype:trojan-activity;sid:83693516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830415)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2.143.99.245"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830415/; classtype:trojan-activity;sid:83693515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830414)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.194.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830414/; classtype:trojan-activity;sid:83693514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830413)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.72.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830413/; classtype:trojan-activity;sid:83693513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830412)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.156.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830412/; classtype:trojan-activity;sid:83693512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830411)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.118.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830411/; classtype:trojan-activity;sid:83693511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830410)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.43.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830410/; classtype:trojan-activity;sid:83693510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830409)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.91.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830409/; classtype:trojan-activity;sid:83693509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830408)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.248.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830408/; classtype:trojan-activity;sid:83693508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830407)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.245.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830407/; classtype:trojan-activity;sid:83693507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830406)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.22.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830406/; classtype:trojan-activity;sid:83693506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830405)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.91.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830405/; classtype:trojan-activity;sid:83693505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830404)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.119.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830404/; classtype:trojan-activity;sid:83693504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830403)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.176.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830403/; classtype:trojan-activity;sid:83693503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830402)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.17.4"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830402/; classtype:trojan-activity;sid:83693502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830400)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.229.171.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830400/; classtype:trojan-activity;sid:83693500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830401)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.46.223.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830401/; classtype:trojan-activity;sid:83693501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830399)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.126.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830399/; classtype:trojan-activity;sid:83693499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830398)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.192.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830398/; classtype:trojan-activity;sid:83693498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830396)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.43.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830396/; classtype:trojan-activity;sid:83693496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830397)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.83.72"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830397/; classtype:trojan-activity;sid:83693497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830395)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.118.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830395/; classtype:trojan-activity;sid:83693495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830394)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.45.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830394/; classtype:trojan-activity;sid:83693494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830393)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.16.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830393/; classtype:trojan-activity;sid:83693493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830392)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.119.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830392/; classtype:trojan-activity;sid:83693492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830391)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.188.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830391/; classtype:trojan-activity;sid:83693491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830390)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.176.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830390/; classtype:trojan-activity;sid:83693490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830389)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.209.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830389/; classtype:trojan-activity;sid:83693489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830388)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.95.21.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830388/; classtype:trojan-activity;sid:83693488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830387)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.223.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830387/; classtype:trojan-activity;sid:83693487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830386)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.83.72"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830386/; classtype:trojan-activity;sid:83693486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830385)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.229.171.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830385/; classtype:trojan-activity;sid:83693485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830384)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.201.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830384/; classtype:trojan-activity;sid:83693484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830383)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.106.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830383/; classtype:trojan-activity;sid:83693483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830382)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.196.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830382/; classtype:trojan-activity;sid:83693482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830381)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.6.203.243"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830381/; classtype:trojan-activity;sid:83693481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830380)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.22.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830380/; classtype:trojan-activity;sid:83693480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830379)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.179.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830379/; classtype:trojan-activity;sid:83693479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830378)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.33.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830378/; classtype:trojan-activity;sid:83693478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830377)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.200.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830377/; classtype:trojan-activity;sid:83693477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830375)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.112.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830375/; classtype:trojan-activity;sid:83693475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830376)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.187.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830376/; classtype:trojan-activity;sid:83693476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830374)"; flow:established,from_client; content:"GET"; http_method; content:"/doc5294803_669078780|3f|hash=ro6hd56v8j3ffz5mr24xxm7aaka8iznzdcz9xg8wstl|7c|26|7c|dl=soz7cdzjjfnc1eflakgrrtfyxdscsezb90sjloeaznp|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830374/; classtype:trojan-activity;sid:83693474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830373)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.58.117.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830373/; classtype:trojan-activity;sid:83693473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830372)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.0.252.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830372/; classtype:trojan-activity;sid:83693472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830371)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.206.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830371/; classtype:trojan-activity;sid:83693471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830370)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.146.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830370/; classtype:trojan-activity;sid:83693470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830369)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.95.21.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830369/; classtype:trojan-activity;sid:83693469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830368)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.74.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830368/; classtype:trojan-activity;sid:83693468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830367)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.243.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830367/; classtype:trojan-activity;sid:83693467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830366)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.6.203.243"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830366/; classtype:trojan-activity;sid:83693466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830365)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.179.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830365/; classtype:trojan-activity;sid:83693465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830364)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.22.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830364/; classtype:trojan-activity;sid:83693464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830362)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/xqap5p41u8di"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"pasteio.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830362/; classtype:trojan-activity;sid:83693462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830363)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.196.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830363/; classtype:trojan-activity;sid:83693463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830361)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.200.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830361/; classtype:trojan-activity;sid:83693461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830360)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.53.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830360/; classtype:trojan-activity;sid:83693460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830359)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.59.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830359/; classtype:trojan-activity;sid:83693459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830358)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.185.232.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830358/; classtype:trojan-activity;sid:83693458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830357)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.112.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830357/; classtype:trojan-activity;sid:83693457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830356)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.211.104.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830356/; classtype:trojan-activity;sid:83693456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830355)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"49.84.159.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830355/; classtype:trojan-activity;sid:83693455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830353)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.187.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830353/; classtype:trojan-activity;sid:83693453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830354)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.181.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830354/; classtype:trojan-activity;sid:83693454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830352)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.133.45.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830352/; classtype:trojan-activity;sid:83693452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830350)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.115.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830350/; classtype:trojan-activity;sid:83693450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830351)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.175.235.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830351/; classtype:trojan-activity;sid:83693451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830349)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.228.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830349/; classtype:trojan-activity;sid:83693449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830348)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.211.104.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830348/; classtype:trojan-activity;sid:83693448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830347)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.74.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830347/; classtype:trojan-activity;sid:83693447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830346)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.232.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830346/; classtype:trojan-activity;sid:83693446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830345)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.202.234.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830345/; classtype:trojan-activity;sid:83693445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830344)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.172.21.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830344/; classtype:trojan-activity;sid:83693444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830343)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.243.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830343/; classtype:trojan-activity;sid:83693443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830342)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.22.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830342/; classtype:trojan-activity;sid:83693442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830341)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.48.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830341/; classtype:trojan-activity;sid:83693441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830340)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.186.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830340/; classtype:trojan-activity;sid:83693440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830339)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.181.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830339/; classtype:trojan-activity;sid:83693439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830338)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.75.168"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830338/; classtype:trojan-activity;sid:83693438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830336)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.177.97.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830336/; classtype:trojan-activity;sid:83693436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830337)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.228.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830337/; classtype:trojan-activity;sid:83693437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830335)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.203.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830335/; classtype:trojan-activity;sid:83693435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830334)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"49.84.159.171"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830334/; classtype:trojan-activity;sid:83693434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830333)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.28.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830333/; classtype:trojan-activity;sid:83693433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830332)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.232.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830332/; classtype:trojan-activity;sid:83693432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830331)"; flow:established,from_client; content:"GET"; http_method; content:"/about-us/js/ss/molitri.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"fragaim.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830331/; classtype:trojan-activity;sid:83693431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830330)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.177.97.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830330/; classtype:trojan-activity;sid:83693430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830329)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.211.95.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830329/; classtype:trojan-activity;sid:83693429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830328)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.247.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830328/; classtype:trojan-activity;sid:83693428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830327)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.192.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830327/; classtype:trojan-activity;sid:83693427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830326)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.143.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830326/; classtype:trojan-activity;sid:83693426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830325)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.47.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830325/; classtype:trojan-activity;sid:83693425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830324)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.232.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830324/; classtype:trojan-activity;sid:83693424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830323)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.170.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830323/; classtype:trojan-activity;sid:83693423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830322)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.202.234.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830322/; classtype:trojan-activity;sid:83693422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830321)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.152.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830321/; classtype:trojan-activity;sid:83693421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830320)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.106.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830320/; classtype:trojan-activity;sid:83693420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830319)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.193.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830319/; classtype:trojan-activity;sid:83693419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830317)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.202.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830317/; classtype:trojan-activity;sid:83693417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830318)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.203.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830318/; classtype:trojan-activity;sid:83693418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830316)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.152.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830316/; classtype:trojan-activity;sid:83693416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830315)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.251.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830315/; classtype:trojan-activity;sid:83693415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830314)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.0.178"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830314/; classtype:trojan-activity;sid:83693414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830313)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.70.140"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830313/; classtype:trojan-activity;sid:83693413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830312)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.66.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830312/; classtype:trojan-activity;sid:83693412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830311)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.93.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830311/; classtype:trojan-activity;sid:83693411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830310)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.47.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830310/; classtype:trojan-activity;sid:83693410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830309)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.22.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830309/; classtype:trojan-activity;sid:83693409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830308)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.70.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830308/; classtype:trojan-activity;sid:83693408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830307)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.59.23.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830307/; classtype:trojan-activity;sid:83693407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830306)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.184.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830306/; classtype:trojan-activity;sid:83693406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830305)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.251.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830305/; classtype:trojan-activity;sid:83693405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830304)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.47.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830304/; classtype:trojan-activity;sid:83693404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830303)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.0.178"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830303/; classtype:trojan-activity;sid:83693403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830302)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.73.135"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830302/; classtype:trojan-activity;sid:83693402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830301)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.70.140"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830301/; classtype:trojan-activity;sid:83693401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830300)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.138.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830300/; classtype:trojan-activity;sid:83693400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830299)"; flow:established,from_client; content:"GET"; http_method; content:"/doc5294803_669074803|3f|hash=gtxjyddukaikxlwy09aijpg5gj5trtjhovyhzgbp72o|7c|26|7c|dl=a9s6lampuqcyacgxt0hxzf0mvabjbv8eilyefae3tsw|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830299/; classtype:trojan-activity;sid:83693399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830298)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.235.157.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830298/; classtype:trojan-activity;sid:83693398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830297)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.193.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830297/; classtype:trojan-activity;sid:83693397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830295)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.220.34.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830295/; classtype:trojan-activity;sid:83693395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830296)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.109.182.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830296/; classtype:trojan-activity;sid:83693396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830294)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.153.206.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830294/; classtype:trojan-activity;sid:83693394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830293)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.107.16.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830293/; classtype:trojan-activity;sid:83693393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830292)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.141.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830292/; classtype:trojan-activity;sid:83693392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830291)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.55.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830291/; classtype:trojan-activity;sid:83693391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830290)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.59.23.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830290/; classtype:trojan-activity;sid:83693390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830289)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.119.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830289/; classtype:trojan-activity;sid:83693389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830288)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.73.135"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830288/; classtype:trojan-activity;sid:83693388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830287)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.47.146"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830287/; classtype:trojan-activity;sid:83693387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830286)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.225.165.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830286/; classtype:trojan-activity;sid:83693386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830285)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.39.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830285/; classtype:trojan-activity;sid:83693385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830284)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.235.157.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830284/; classtype:trojan-activity;sid:83693384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830283)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.183.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830283/; classtype:trojan-activity;sid:83693383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830282)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.0.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830282/; classtype:trojan-activity;sid:83693382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830281)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.102.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830281/; classtype:trojan-activity;sid:83693381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830280)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.107.16.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830280/; classtype:trojan-activity;sid:83693380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830279)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.180.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830279/; classtype:trojan-activity;sid:83693379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830278)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.210.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830278/; classtype:trojan-activity;sid:83693378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830277)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.11.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830277/; classtype:trojan-activity;sid:83693377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830276)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.47.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830276/; classtype:trojan-activity;sid:83693376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830275)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.225.165.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830275/; classtype:trojan-activity;sid:83693375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830274)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.119.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830274/; classtype:trojan-activity;sid:83693374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830273)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.224.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830273/; classtype:trojan-activity;sid:83693373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830272)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.203.122.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830272/; classtype:trojan-activity;sid:83693372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830271)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.22.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830271/; classtype:trojan-activity;sid:83693371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830270)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.149.165.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830270/; classtype:trojan-activity;sid:83693370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830269)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.180.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830269/; classtype:trojan-activity;sid:83693369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830268)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.35.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830268/; classtype:trojan-activity;sid:83693368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830267)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.1.219"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830267/; classtype:trojan-activity;sid:83693367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830265)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.209.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830265/; classtype:trojan-activity;sid:83693365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830266)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.113.101.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830266/; classtype:trojan-activity;sid:83693366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830264)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.191.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830264/; classtype:trojan-activity;sid:83693364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830263)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.122.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830263/; classtype:trojan-activity;sid:83693363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830262)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.230.187.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830262/; classtype:trojan-activity;sid:83693362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830261)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.210.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830261/; classtype:trojan-activity;sid:83693361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830260)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.108.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830260/; classtype:trojan-activity;sid:83693360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830259)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.197.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830259/; classtype:trojan-activity;sid:83693359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830258)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.30.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830258/; classtype:trojan-activity;sid:83693358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830257)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.11.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830257/; classtype:trojan-activity;sid:83693357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830256)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.35.29"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830256/; classtype:trojan-activity;sid:83693356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830252)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.50.0"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830252/; classtype:trojan-activity;sid:83693352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830253)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"187.61.88.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830253/; classtype:trojan-activity;sid:83693353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830254)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.211.95.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830254/; classtype:trojan-activity;sid:83693354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830255)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.108.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830255/; classtype:trojan-activity;sid:83693355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830251)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.192.207.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830251/; classtype:trojan-activity;sid:83693351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830250)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.239.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830250/; classtype:trojan-activity;sid:83693350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830249)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.1.219"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830249/; classtype:trojan-activity;sid:83693349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830248)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.39.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830248/; classtype:trojan-activity;sid:83693348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830246)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.57.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830246/; classtype:trojan-activity;sid:83693346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830247)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.181.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830247/; classtype:trojan-activity;sid:83693347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830245)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.49.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830245/; classtype:trojan-activity;sid:83693345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830243)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.239.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830243/; classtype:trojan-activity;sid:83693343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830244)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.202.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830244/; classtype:trojan-activity;sid:83693344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830242)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"187.61.88.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830242/; classtype:trojan-activity;sid:83693342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830241)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.188.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830241/; classtype:trojan-activity;sid:83693341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830240)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.13.57.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830240/; classtype:trojan-activity;sid:83693340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830239)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.232.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830239/; classtype:trojan-activity;sid:83693339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830238)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.99.201.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830238/; classtype:trojan-activity;sid:83693338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830236)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.250.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830236/; classtype:trojan-activity;sid:83693336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830237)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.26.90.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830237/; classtype:trojan-activity;sid:83693337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830235)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.69.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830235/; classtype:trojan-activity;sid:83693335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830234)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.72.237"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830234/; classtype:trojan-activity;sid:83693334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830233)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.218.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830233/; classtype:trojan-activity;sid:83693333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830232)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.7.158"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830232/; classtype:trojan-activity;sid:83693332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830231)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.148.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830231/; classtype:trojan-activity;sid:83693331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830230)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.193.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830230/; classtype:trojan-activity;sid:83693330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830229)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.193.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830229/; classtype:trojan-activity;sid:83693329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830228)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.202.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830228/; classtype:trojan-activity;sid:83693328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830227)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.26.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830227/; classtype:trojan-activity;sid:83693327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830226)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.69.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830226/; classtype:trojan-activity;sid:83693326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830225)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.90.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830225/; classtype:trojan-activity;sid:83693325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830224)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.243.162.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830224/; classtype:trojan-activity;sid:83693324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830223)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.107.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830223/; classtype:trojan-activity;sid:83693323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830222)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.74.59.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830222/; classtype:trojan-activity;sid:83693322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830221)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.72.237"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830221/; classtype:trojan-activity;sid:83693321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830220)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.229.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830220/; classtype:trojan-activity;sid:83693320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830219)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.177.215.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830219/; classtype:trojan-activity;sid:83693319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830218)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.26.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830218/; classtype:trojan-activity;sid:83693318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830217)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.44.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830217/; classtype:trojan-activity;sid:83693317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830216)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.17.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830216/; classtype:trojan-activity;sid:83693316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830215)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.92.160"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830215/; classtype:trojan-activity;sid:83693315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830214)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.189.204"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830214/; classtype:trojan-activity;sid:83693314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830213)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.217.47"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830213/; classtype:trojan-activity;sid:83693313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830212)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.69.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830212/; classtype:trojan-activity;sid:83693312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830211)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.66.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830211/; classtype:trojan-activity;sid:83693311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830210)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.217.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830210/; classtype:trojan-activity;sid:83693310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830209)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.9.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830209/; classtype:trojan-activity;sid:83693309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830208)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.193.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830208/; classtype:trojan-activity;sid:83693308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830207)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.162.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830207/; classtype:trojan-activity;sid:83693307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830206)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.107.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830206/; classtype:trojan-activity;sid:83693306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830205)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.204.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830205/; classtype:trojan-activity;sid:83693305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830204)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.251.1.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830204/; classtype:trojan-activity;sid:83693304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830203)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.58.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830203/; classtype:trojan-activity;sid:83693303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830202)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.205.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830202/; classtype:trojan-activity;sid:83693302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830201)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.3.243"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830201/; classtype:trojan-activity;sid:83693301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830200)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.124.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830200/; classtype:trojan-activity;sid:83693300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830199)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.174.48.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830199/; classtype:trojan-activity;sid:83693299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830198)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.5.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830198/; classtype:trojan-activity;sid:83693298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830197)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.92.160"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830197/; classtype:trojan-activity;sid:83693297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830196)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.193.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830196/; classtype:trojan-activity;sid:83693296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830194)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.181.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830194/; classtype:trojan-activity;sid:83693294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830195)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.148.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830195/; classtype:trojan-activity;sid:83693295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830193)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.185.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830193/; classtype:trojan-activity;sid:83693293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830192)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.5.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830192/; classtype:trojan-activity;sid:83693292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830191)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.134.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830191/; classtype:trojan-activity;sid:83693291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830190)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.51.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830190/; classtype:trojan-activity;sid:83693290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830189)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.152.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830189/; classtype:trojan-activity;sid:83693289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830188)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.142.104.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830188/; classtype:trojan-activity;sid:83693288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830187)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.142.104.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830187/; classtype:trojan-activity;sid:83693287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830186)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.142.104.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830186/; classtype:trojan-activity;sid:83693286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830184)"; flow:established,from_client; content:"GET"; http_method; content:"/roze.armv4"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.196.8.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830184/; classtype:trojan-activity;sid:83693284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830185)"; flow:established,from_client; content:"GET"; http_method; content:"/zk.arm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"5.253.246.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830185/; classtype:trojan-activity;sid:83693285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830178)"; flow:established,from_client; content:"GET"; http_method; content:"/sauce.mipsel"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"94.156.66.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830178/; classtype:trojan-activity;sid:83693278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830179)"; flow:established,from_client; content:"GET"; http_method; content:"/sauce.sh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.66.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830179/; classtype:trojan-activity;sid:83693279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830180)"; flow:established,from_client; content:"GET"; http_method; content:"/roze.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.196.8.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830180/; classtype:trojan-activity;sid:83693280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830181)"; flow:established,from_client; content:"GET"; http_method; content:"/sauce.armv5"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"94.156.66.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830181/; classtype:trojan-activity;sid:83693281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830182)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830182/; classtype:trojan-activity;sid:83693282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830183)"; flow:established,from_client; content:"GET"; http_method; content:"/0xh0roxxnavebusyoo.x86"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"94.156.79.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830183/; classtype:trojan-activity;sid:83693283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830173)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.arm4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"93.123.85.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830173/; classtype:trojan-activity;sid:83693273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830174)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.arm4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"5.42.102.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830174/; classtype:trojan-activity;sid:83693274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830175)"; flow:established,from_client; content:"GET"; http_method; content:"/mipst"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830175/; classtype:trojan-activity;sid:83693275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830176)"; flow:established,from_client; content:"GET"; http_method; content:"/sauce.armv6l"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"94.156.66.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830176/; classtype:trojan-activity;sid:83693276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830177)"; flow:established,from_client; content:"GET"; http_method; content:"/sauce.armv4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"94.156.66.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830177/; classtype:trojan-activity;sid:83693277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830168)"; flow:established,from_client; content:"GET"; http_method; content:"/f"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.54.51.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830168/; classtype:trojan-activity;sid:83693268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830169)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.arm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"93.123.85.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830169/; classtype:trojan-activity;sid:83693269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830170)"; flow:established,from_client; content:"GET"; http_method; content:"/sauce.ppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.66.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830170/; classtype:trojan-activity;sid:83693270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830171)"; flow:established,from_client; content:"GET"; http_method; content:"/zk.mpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"5.253.246.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830171/; classtype:trojan-activity;sid:83693271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830172)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.spc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"5.42.102.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830172/; classtype:trojan-activity;sid:83693272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830164)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.ppc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"5.42.102.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830164/; classtype:trojan-activity;sid:83693264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830165)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830165/; classtype:trojan-activity;sid:83693265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830166)"; flow:established,from_client; content:"GET"; http_method; content:"/zk.arm4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"5.253.246.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830166/; classtype:trojan-activity;sid:83693266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830167)"; flow:established,from_client; content:"GET"; http_method; content:"/f2q2kke5aadloo4aasdjjjfirbmw/0xh0roxxnavebusyoo.x86"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"94.156.79.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830167/; classtype:trojan-activity;sid:83693267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830162)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.arm4t"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"93.123.85.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830162/; classtype:trojan-activity;sid:83693262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830163)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86_64"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"5.42.102.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830163/; classtype:trojan-activity;sid:83693263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830157)"; flow:established,from_client; content:"GET"; http_method; content:"/zk.sh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.253.246.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830157/; classtype:trojan-activity;sid:83693257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830158)"; flow:established,from_client; content:"GET"; http_method; content:"/most-arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"14.225.218.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830158/; classtype:trojan-activity;sid:83693258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830159)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.i686"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"5.42.102.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830159/; classtype:trojan-activity;sid:83693259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830160)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"5.42.102.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830160/; classtype:trojan-activity;sid:83693260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830161)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.239.33.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830161/; classtype:trojan-activity;sid:83693261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830156)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.142.104.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830156/; classtype:trojan-activity;sid:83693256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830155)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.142.104.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830155/; classtype:trojan-activity;sid:83693255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830153)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830153/; classtype:trojan-activity;sid:83693253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830154)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.arm4t"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"5.42.102.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830154/; classtype:trojan-activity;sid:83693254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830149)"; flow:established,from_client; content:"GET"; http_method; content:"/ssh"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"156.251.19.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830149/; classtype:trojan-activity;sid:83693249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830150)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.spc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"93.123.85.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830150/; classtype:trojan-activity;sid:83693250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830151)"; flow:established,from_client; content:"GET"; http_method; content:"/x"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.158.9.58"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830151/; classtype:trojan-activity;sid:83693251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830152)"; flow:established,from_client; content:"GET"; http_method; content:"/roze.mipsel"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.196.8.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830152/; classtype:trojan-activity;sid:83693252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830146)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.142.104.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830146/; classtype:trojan-activity;sid:83693246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830147)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.arm5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"5.42.102.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830147/; classtype:trojan-activity;sid:83693247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830148)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830148/; classtype:trojan-activity;sid:83693248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830143)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830143/; classtype:trojan-activity;sid:83693243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830144)"; flow:established,from_client; content:"GET"; http_method; content:"/sauce.m68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.156.66.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830144/; classtype:trojan-activity;sid:83693244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830145)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.m68"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"93.123.85.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830145/; classtype:trojan-activity;sid:83693245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830141)"; flow:established,from_client; content:"GET"; http_method; content:"/zk.arm4t"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5.253.246.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830141/; classtype:trojan-activity;sid:83693241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830142)"; flow:established,from_client; content:"GET"; http_method; content:"/sauce.sparc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"94.156.66.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830142/; classtype:trojan-activity;sid:83693242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830138)"; flow:established,from_client; content:"GET"; http_method; content:"/zk.arm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"5.253.246.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830138/; classtype:trojan-activity;sid:83693238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830139)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.142.104.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830139/; classtype:trojan-activity;sid:83693239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830140)"; flow:established,from_client; content:"GET"; http_method; content:"/roze.armv6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.196.8.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830140/; classtype:trojan-activity;sid:83693240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830133)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.142.104.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830133/; classtype:trojan-activity;sid:83693233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830134)"; flow:established,from_client; content:"GET"; http_method; content:"/roze.armv7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.196.8.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830134/; classtype:trojan-activity;sid:83693234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830135)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.142.104.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830135/; classtype:trojan-activity;sid:83693235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830136)"; flow:established,from_client; content:"GET"; http_method; content:"/roze.i686"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.196.8.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830136/; classtype:trojan-activity;sid:83693236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830137)"; flow:established,from_client; content:"GET"; http_method; content:"/roze.armv5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.196.8.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830137/; classtype:trojan-activity;sid:83693237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830128)"; flow:established,from_client; content:"GET"; http_method; content:"/zk.i686"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"5.253.246.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830128/; classtype:trojan-activity;sid:83693228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830129)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830129/; classtype:trojan-activity;sid:83693229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830130)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.mpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"93.123.85.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830130/; classtype:trojan-activity;sid:83693230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830131)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.x86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"5.42.102.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830131/; classtype:trojan-activity;sid:83693231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830132)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"5.42.102.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830132/; classtype:trojan-activity;sid:83693232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830127)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.arm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"5.42.102.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830127/; classtype:trojan-activity;sid:83693227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830125)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.156.79.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830125/; classtype:trojan-activity;sid:83693225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830126)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"5.42.102.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830126/; classtype:trojan-activity;sid:83693226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830122)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.mpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"5.42.102.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830122/; classtype:trojan-activity;sid:83693222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830123)"; flow:established,from_client; content:"GET"; http_method; content:"/sauce.i586"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.156.66.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830123/; classtype:trojan-activity;sid:83693223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830124)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"5.42.102.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830124/; classtype:trojan-activity;sid:83693224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830117)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.156.79.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830117/; classtype:trojan-activity;sid:83693217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830118)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"94.156.79.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830118/; classtype:trojan-activity;sid:83693218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830119)"; flow:established,from_client; content:"GET"; http_method; content:"/roze.ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.196.8.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830119/; classtype:trojan-activity;sid:83693219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830120)"; flow:established,from_client; content:"GET"; http_method; content:"/tm68k"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830120/; classtype:trojan-activity;sid:83693220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830121)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.arm5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"93.123.85.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830121/; classtype:trojan-activity;sid:83693221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830115)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"5.42.102.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830115/; classtype:trojan-activity;sid:83693215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830116)"; flow:established,from_client; content:"GET"; http_method; content:"/perppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830116/; classtype:trojan-activity;sid:83693216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830111)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"5.42.102.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830111/; classtype:trojan-activity;sid:83693211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830112)"; flow:established,from_client; content:"GET"; http_method; content:"/sauce.i686"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.156.66.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830112/; classtype:trojan-activity;sid:83693212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830113)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"93.123.85.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830113/; classtype:trojan-activity;sid:83693213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830114)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"93.123.85.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830114/; classtype:trojan-activity;sid:83693214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830107)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.arm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"93.123.85.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830107/; classtype:trojan-activity;sid:83693207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830108)"; flow:established,from_client; content:"GET"; http_method; content:"/roze.i586"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.196.8.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830108/; classtype:trojan-activity;sid:83693208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830109)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"94.156.79.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830109/; classtype:trojan-activity;sid:83693209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830110)"; flow:established,from_client; content:"GET"; http_method; content:"/zk.ppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.253.246.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830110/; classtype:trojan-activity;sid:83693210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830105)"; flow:established,from_client; content:"GET"; http_method; content:"/roze.m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.196.8.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830105/; classtype:trojan-activity;sid:83693205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830106)"; flow:established,from_client; content:"GET"; http_method; content:"/permips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830106/; classtype:trojan-activity;sid:83693206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830100)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"93.123.85.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830100/; classtype:trojan-activity;sid:83693200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830101)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.arm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"5.42.102.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830101/; classtype:trojan-activity;sid:83693201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830102)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"93.123.85.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830102/; classtype:trojan-activity;sid:83693202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830103)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830103/; classtype:trojan-activity;sid:83693203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830104)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.sh4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"93.123.85.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830104/; classtype:trojan-activity;sid:83693204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830099)"; flow:established,from_client; content:"GET"; http_method; content:"/zk.arm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"5.253.246.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830099/; classtype:trojan-activity;sid:83693199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830095)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"94.156.79.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830095/; classtype:trojan-activity;sid:83693195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830096)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"93.123.85.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830096/; classtype:trojan-activity;sid:83693196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830097)"; flow:established,from_client; content:"GET"; http_method; content:"/roze.sparc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.196.8.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830097/; classtype:trojan-activity;sid:83693197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830098)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"5.42.102.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830098/; classtype:trojan-activity;sid:83693198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830091)"; flow:established,from_client; content:"GET"; http_method; content:"/zk.spc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.253.246.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830091/; classtype:trojan-activity;sid:83693191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830092)"; flow:established,from_client; content:"GET"; http_method; content:"/zk.mips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"5.253.246.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830092/; classtype:trojan-activity;sid:83693192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830093)"; flow:established,from_client; content:"GET"; http_method; content:"/sauce.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.66.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830093/; classtype:trojan-activity;sid:83693193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830094)"; flow:established,from_client; content:"GET"; http_method; content:"/roze.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.196.8.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830094/; classtype:trojan-activity;sid:83693194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830088)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.sh4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"5.42.102.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830088/; classtype:trojan-activity;sid:83693188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830089)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.x86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"93.123.85.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830089/; classtype:trojan-activity;sid:83693189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830090)"; flow:established,from_client; content:"GET"; http_method; content:"/zk.x86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.253.246.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830090/; classtype:trojan-activity;sid:83693190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830086)"; flow:established,from_client; content:"GET"; http_method; content:"/roze.x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.196.8.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830086/; classtype:trojan-activity;sid:83693186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830087)"; flow:established,from_client; content:"GET"; http_method; content:"/sauce.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.156.66.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830087/; classtype:trojan-activity;sid:83693187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830083)"; flow:established,from_client; content:"GET"; http_method; content:"/perspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830083/; classtype:trojan-activity;sid:83693183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830084)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.ppc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"93.123.85.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830084/; classtype:trojan-activity;sid:83693184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830085)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.m68"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"5.42.102.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830085/; classtype:trojan-activity;sid:83693185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830079)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830079/; classtype:trojan-activity;sid:83693179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830080)"; flow:established,from_client; content:"GET"; http_method; content:"/zk.m68"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"5.253.246.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830080/; classtype:trojan-activity;sid:83693180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830081)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830081/; classtype:trojan-activity;sid:83693181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830082)"; flow:established,from_client; content:"GET"; http_method; content:"/permpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830082/; classtype:trojan-activity;sid:83693182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830076)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"94.156.79.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830076/; classtype:trojan-activity;sid:83693176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830077)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.i686"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"93.123.85.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830077/; classtype:trojan-activity;sid:83693177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830078)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"94.156.79.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830078/; classtype:trojan-activity;sid:83693178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830073)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830073/; classtype:trojan-activity;sid:83693173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830074)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.sparc"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"94.156.79.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830074/; classtype:trojan-activity;sid:83693174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830075)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"93.123.85.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830075/; classtype:trojan-activity;sid:83693175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830070)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"5.42.102.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830070/; classtype:trojan-activity;sid:83693170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830071)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830071/; classtype:trojan-activity;sid:83693171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830072)"; flow:established,from_client; content:"GET"; http_method; content:"/skidtest"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830072/; classtype:trojan-activity;sid:83693172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830066)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"93.123.85.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830066/; classtype:trojan-activity;sid:83693166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830067)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830067/; classtype:trojan-activity;sid:83693167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830068)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"94.156.79.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830068/; classtype:trojan-activity;sid:83693168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830069)"; flow:established,from_client; content:"GET"; http_method; content:"/assailant.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"94.156.79.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830069/; classtype:trojan-activity;sid:83693169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830062)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"93.123.85.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830062/; classtype:trojan-activity;sid:83693162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830063)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"5.42.102.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830063/; classtype:trojan-activity;sid:83693163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830064)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"5.42.102.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830064/; classtype:trojan-activity;sid:83693164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830065)"; flow:established,from_client; content:"GET"; http_method; content:"/perm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830065/; classtype:trojan-activity;sid:83693165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830058)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"93.123.85.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830058/; classtype:trojan-activity;sid:83693158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830059)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"93.123.85.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830059/; classtype:trojan-activity;sid:83693159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830060)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"5.42.102.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830060/; classtype:trojan-activity;sid:83693160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830061)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"5.42.102.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830061/; classtype:trojan-activity;sid:83693161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830056)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.arm4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"94.156.79.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830056/; classtype:trojan-activity;sid:83693156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830057)"; flow:established,from_client; content:"GET"; http_method; content:"/hidakibest.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"94.156.79.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830057/; classtype:trojan-activity;sid:83693157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830055)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.61.93.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830055/; classtype:trojan-activity;sid:83693155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830054)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.32.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830054/; classtype:trojan-activity;sid:83693154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830053)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.131.156.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830053/; classtype:trojan-activity;sid:83693153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830052)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.203.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830052/; classtype:trojan-activity;sid:83693152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830051)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.46.196"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830051/; classtype:trojan-activity;sid:83693151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830049)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.152.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830049/; classtype:trojan-activity;sid:83693149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830050)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.44.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830050/; classtype:trojan-activity;sid:83693150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830048)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.160.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830048/; classtype:trojan-activity;sid:83693148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830047)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.103.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830047/; classtype:trojan-activity;sid:83693147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830046)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.104.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830046/; classtype:trojan-activity;sid:83693146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830045)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.200.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830045/; classtype:trojan-activity;sid:83693145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830044)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.214.235.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830044/; classtype:trojan-activity;sid:83693144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830042)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.107.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830042/; classtype:trojan-activity;sid:83693142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830043)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.109.205.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830043/; classtype:trojan-activity;sid:83693143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830041)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.6.70.224"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830041/; classtype:trojan-activity;sid:83693141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830040)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.79.96.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830040/; classtype:trojan-activity;sid:83693140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830039)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.185.16.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830039/; classtype:trojan-activity;sid:83693139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830038)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.46.196"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830038/; classtype:trojan-activity;sid:83693138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830037)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.47.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830037/; classtype:trojan-activity;sid:83693137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830036)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.143.171.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830036/; classtype:trojan-activity;sid:83693136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830035)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.54.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830035/; classtype:trojan-activity;sid:83693135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830034)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.131.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830034/; classtype:trojan-activity;sid:83693134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830033)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.104.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830033/; classtype:trojan-activity;sid:83693133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830032)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.231.203.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830032/; classtype:trojan-activity;sid:83693132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830031)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.28.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830031/; classtype:trojan-activity;sid:83693131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830030)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.156.224"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830030/; classtype:trojan-activity;sid:83693130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830029)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.254.98.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830029/; classtype:trojan-activity;sid:83693129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830028)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.79.96.16"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830028/; classtype:trojan-activity;sid:83693128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830027)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.234.125.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830027/; classtype:trojan-activity;sid:83693127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830026)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.82.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830026/; classtype:trojan-activity;sid:83693126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830025)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.100.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830025/; classtype:trojan-activity;sid:83693125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830024)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.196.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830024/; classtype:trojan-activity;sid:83693124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830023)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.246.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830023/; classtype:trojan-activity;sid:83693123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830022)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.198.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830022/; classtype:trojan-activity;sid:83693122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830021)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.254.98.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830021/; classtype:trojan-activity;sid:83693121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830020)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.28.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830020/; classtype:trojan-activity;sid:83693120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830019)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.168.190.101"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830019/; classtype:trojan-activity;sid:83693119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830018)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.16.234.149"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830018/; classtype:trojan-activity;sid:83693118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830017)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.53.242"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830017/; classtype:trojan-activity;sid:83693117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830016)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.239.210.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830016/; classtype:trojan-activity;sid:83693116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830015)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.174.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830015/; classtype:trojan-activity;sid:83693115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830014)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.100.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830014/; classtype:trojan-activity;sid:83693114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830013)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.22.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830013/; classtype:trojan-activity;sid:83693113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830012)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.205.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830012/; classtype:trojan-activity;sid:83693112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830011)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.141.93.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830011/; classtype:trojan-activity;sid:83693111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830010)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.184.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830010/; classtype:trojan-activity;sid:83693110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830009)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.4.222"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830009/; classtype:trojan-activity;sid:83693109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830008)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.82.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830008/; classtype:trojan-activity;sid:83693108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830007)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.240.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830007/; classtype:trojan-activity;sid:83693107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830006)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.122.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830006/; classtype:trojan-activity;sid:83693106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830005)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.203.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830005/; classtype:trojan-activity;sid:83693105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830004)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.22.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830004/; classtype:trojan-activity;sid:83693104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830002)"; flow:established,from_client; content:"GET"; http_method; content:"/m-6.8-k.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.166.184.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830002/; classtype:trojan-activity;sid:83693102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830003)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-6.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.166.184.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830003/; classtype:trojan-activity;sid:83693103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830001)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.162.14.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830001/; classtype:trojan-activity;sid:83693101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2830000)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.24.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2830000/; classtype:trojan-activity;sid:83693100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829999)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.215.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829999/; classtype:trojan-activity;sid:83693099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829998)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.122.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829998/; classtype:trojan-activity;sid:83693098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829997)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.205.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829997/; classtype:trojan-activity;sid:83693097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829996)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.75.168"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829996/; classtype:trojan-activity;sid:83693096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829995)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.93.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829995/; classtype:trojan-activity;sid:83693095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829994)"; flow:established,from_client; content:"GET"; http_method; content:"/doc5294803_669064882|3f|hash=jbszvjtabfdpa3nlcnl8ohpq6osdsuytzxolwdxtf9w|7c|26|7c|dl=wyg1ybmdltpymrfrj9e1wzjt5vzveleppvz2aiu3utp|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829994/; classtype:trojan-activity;sid:83693094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829993)"; flow:established,from_client; content:"GET"; http_method; content:"/tech/1.jpg"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"ra-ftp.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829993/; classtype:trojan-activity;sid:83693093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829990)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.209.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829990/; classtype:trojan-activity;sid:83693090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829991)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.174.173.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829991/; classtype:trojan-activity;sid:83693091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829992)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.203.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829992/; classtype:trojan-activity;sid:83693092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829989)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.36.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829989/; classtype:trojan-activity;sid:83693089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829988)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.110.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829988/; classtype:trojan-activity;sid:83693088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829986)"; flow:established,from_client; content:"GET"; http_method; content:"/spondulix.aaf"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"23.95.60.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829986/; classtype:trojan-activity;sid:83693086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829987)"; flow:established,from_client; content:"GET"; http_method; content:"/alkoholtesterne.inf"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"23.95.60.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829987/; classtype:trojan-activity;sid:83693087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829983)"; flow:established,from_client; content:"GET"; http_method; content:"/zojmiqalg175.bin"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"23.95.60.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829983/; classtype:trojan-activity;sid:83693083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829984)"; flow:established,from_client; content:"GET"; http_method; content:"/dataindsamlingsmetode.aaf"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"23.95.60.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829984/; classtype:trojan-activity;sid:83693084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829985)"; flow:established,from_client; content:"GET"; http_method; content:"/rcesemzzxcbmuxrajxwefbc103.bin"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"23.95.60.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829985/; classtype:trojan-activity;sid:83693085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829982)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.197.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829982/; classtype:trojan-activity;sid:83693082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829981)"; flow:established,from_client; content:"GET"; http_method; content:"/quinquevirs.snp"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"103.176.113.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829981/; classtype:trojan-activity;sid:83693081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829980)"; flow:established,from_client; content:"GET"; http_method; content:"/tbxbwkgeplxkoa249.bin"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"103.176.113.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829980/; classtype:trojan-activity;sid:83693080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829979)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.53.154.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829979/; classtype:trojan-activity;sid:83693079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829978)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.240.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829978/; classtype:trojan-activity;sid:83693078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829976)"; flow:established,from_client; content:"GET"; http_method; content:"/hzcpkodrhc240.bin"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"193.239.86.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829976/; classtype:trojan-activity;sid:83693076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829977)"; flow:established,from_client; content:"GET"; http_method; content:"/xwjph99.bin"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"193.239.86.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829977/; classtype:trojan-activity;sid:83693077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829975)"; flow:established,from_client; content:"GET"; http_method; content:"/smhtrkojczympisfmulhi11.bin"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"park-your-track.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829975/; classtype:trojan-activity;sid:83693075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829973)"; flow:established,from_client; content:"GET"; http_method; content:"/fisjjflno136.bin"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"park-your-track.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829973/; classtype:trojan-activity;sid:83693073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829974)"; flow:established,from_client; content:"GET"; http_method; content:"/gmfevnelsd168.bin"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"park-your-track.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829974/; classtype:trojan-activity;sid:83693074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829970)"; flow:established,from_client; content:"GET"; http_method; content:"/buightcqrjhlpgdsxlwhfq10.bin"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"147.78.103.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829970/; classtype:trojan-activity;sid:83693070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829971)"; flow:established,from_client; content:"GET"; http_method; content:"/zxgbvlunubxakgmwntiasqqvpkm94.bin"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"147.78.103.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829971/; classtype:trojan-activity;sid:83693071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829972)"; flow:established,from_client; content:"GET"; http_method; content:"/segregeringers.asd"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"147.78.103.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829972/; classtype:trojan-activity;sid:83693072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829969)"; flow:established,from_client; content:"GET"; http_method; content:"/lxazjjlvczlq55.bin"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"209.90.234.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829969/; classtype:trojan-activity;sid:83693069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829968)"; flow:established,from_client; content:"GET"; http_method; content:"/qplxncrktklyleb160.bin"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"209.90.234.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829968/; classtype:trojan-activity;sid:83693068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829965)"; flow:established,from_client; content:"GET"; http_method; content:"/tilsudlet.deploy"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"94.156.8.104"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829965/; classtype:trojan-activity;sid:83693065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829966)"; flow:established,from_client; content:"GET"; http_method; content:"/aksgrsserne.inf"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"94.156.8.104"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829966/; classtype:trojan-activity;sid:83693066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829967)"; flow:established,from_client; content:"GET"; http_method; content:"/yhhzznqaepdsuakafmhwn151.bin"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"94.156.8.104"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829967/; classtype:trojan-activity;sid:83693067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829964)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.75.168"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829964/; classtype:trojan-activity;sid:83693064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829963)"; flow:established,from_client; content:"GET"; http_method; content:"/saltss127.rar"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"87.121.105.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829963/; classtype:trojan-activity;sid:83693063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829958)"; flow:established,from_client; content:"GET"; http_method; content:"/domkapitler.msi"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"87.121.105.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829958/; classtype:trojan-activity;sid:83693058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829959)"; flow:established,from_client; content:"GET"; http_method; content:"/punktet.hhp"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"87.121.105.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829959/; classtype:trojan-activity;sid:83693059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829960)"; flow:established,from_client; content:"GET"; http_method; content:"/acariatre43.chm"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"87.121.105.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829960/; classtype:trojan-activity;sid:83693060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829961)"; flow:established,from_client; content:"GET"; http_method; content:"/akaudbtg140.bin"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"87.121.105.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829961/; classtype:trojan-activity;sid:83693061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829962)"; flow:established,from_client; content:"GET"; http_method; content:"/nsxykhcjvipiukye4.bin"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.121.105.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829962/; classtype:trojan-activity;sid:83693062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829957)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.154.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829957/; classtype:trojan-activity;sid:83693057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829956)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.216.254.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829956/; classtype:trojan-activity;sid:83693056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829955)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.214.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829955/; classtype:trojan-activity;sid:83693055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829954)"; flow:established,from_client; content:"GET"; http_method; content:"/yz/panel/uploads/zobhihjlsgy.wav"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"aideca.org.pe"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829954/; classtype:trojan-activity;sid:83693054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829953)"; flow:established,from_client; content:"GET"; http_method; content:"/vgolkc42.bin"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"146.70.113.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829953/; classtype:trojan-activity;sid:83693053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829951)"; flow:established,from_client; content:"GET"; http_method; content:"/akmbts190.bin"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"172.93.222.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829951/; classtype:trojan-activity;sid:83693051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829952)"; flow:established,from_client; content:"GET"; http_method; content:"/qcrndhtadifkzfqh172.bin"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"172.93.222.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829952/; classtype:trojan-activity;sid:83693052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829950)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.193.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829950/; classtype:trojan-activity;sid:83693050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829949)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.207.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829949/; classtype:trojan-activity;sid:83693049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829948)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.96.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829948/; classtype:trojan-activity;sid:83693048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829947)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.203.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829947/; classtype:trojan-activity;sid:83693047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829945)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.67.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829945/; classtype:trojan-activity;sid:83693045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829946)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.53.154.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829946/; classtype:trojan-activity;sid:83693046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829944)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.230.243.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829944/; classtype:trojan-activity;sid:83693044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829942)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.176.235"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829942/; classtype:trojan-activity;sid:83693042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829943)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.213.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829943/; classtype:trojan-activity;sid:83693043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829941)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.235.215.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829941/; classtype:trojan-activity;sid:83693041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829940)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"47.231.98.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829940/; classtype:trojan-activity;sid:83693040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829939)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.41.78.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829939/; classtype:trojan-activity;sid:83693039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829938)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.242.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829938/; classtype:trojan-activity;sid:83693038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829937)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.208.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829937/; classtype:trojan-activity;sid:83693037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829936)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.242.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829936/; classtype:trojan-activity;sid:83693036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829935)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.220.147.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829935/; classtype:trojan-activity;sid:83693035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829934)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.222.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829934/; classtype:trojan-activity;sid:83693034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829933)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.254.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829933/; classtype:trojan-activity;sid:83693033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829932)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.195.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829932/; classtype:trojan-activity;sid:83693032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829931)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.201.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829931/; classtype:trojan-activity;sid:83693031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829930)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.201.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829930/; classtype:trojan-activity;sid:83693030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829928)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.254.178.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829928/; classtype:trojan-activity;sid:83693028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829929)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.147.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829929/; classtype:trojan-activity;sid:83693029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829927)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.213.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829927/; classtype:trojan-activity;sid:83693027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829926)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.78.149.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829926/; classtype:trojan-activity;sid:83693026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829925)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.162.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829925/; classtype:trojan-activity;sid:83693025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829924)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.59.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829924/; classtype:trojan-activity;sid:83693024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829923)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.111.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829923/; classtype:trojan-activity;sid:83693023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829922)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.124.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829922/; classtype:trojan-activity;sid:83693022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829921)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.194.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829921/; classtype:trojan-activity;sid:83693021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829920)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.255.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829920/; classtype:trojan-activity;sid:83693020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829918)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.242.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829918/; classtype:trojan-activity;sid:83693018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829917)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.191.137.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829917/; classtype:trojan-activity;sid:83693017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829916)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.64.230"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829916/; classtype:trojan-activity;sid:83693016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829915)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.33.111.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829915/; classtype:trojan-activity;sid:83693015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829914)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.208.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829914/; classtype:trojan-activity;sid:83693014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829913)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.212.57.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829913/; classtype:trojan-activity;sid:83693013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829912)"; flow:established,from_client; content:"GET"; http_method; content:"/902e53a07830e030.php"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"185.172.128.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829912/; classtype:trojan-activity;sid:83693012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829911)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.210.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829911/; classtype:trojan-activity;sid:83693011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829910)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.180.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829910/; classtype:trojan-activity;sid:83693010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829909)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.174.48.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829909/; classtype:trojan-activity;sid:83693009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829908)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.222.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829908/; classtype:trojan-activity;sid:83693008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829907)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.194.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829907/; classtype:trojan-activity;sid:83693007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829906)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.247.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829906/; classtype:trojan-activity;sid:83693006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829903)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.87.160"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829903/; classtype:trojan-activity;sid:83693003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829904)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.239.38.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829904/; classtype:trojan-activity;sid:83693004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829902)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.46.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829902/; classtype:trojan-activity;sid:83693002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829901)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.44.134"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829901/; classtype:trojan-activity;sid:83693001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829900)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.111.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829900/; classtype:trojan-activity;sid:83693000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829899)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.255.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829899/; classtype:trojan-activity;sid:83692999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829898)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.59.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829898/; classtype:trojan-activity;sid:83692998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829897)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.201.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829897/; classtype:trojan-activity;sid:83692997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829896)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.188.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829896/; classtype:trojan-activity;sid:83692996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829895)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.124.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829895/; classtype:trojan-activity;sid:83692995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829894)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.196.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829894/; classtype:trojan-activity;sid:83692994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829893)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.214.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829893/; classtype:trojan-activity;sid:83692993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829892)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.141.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829892/; classtype:trojan-activity;sid:83692992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829891)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.57.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829891/; classtype:trojan-activity;sid:83692991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829890)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.152.208.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829890/; classtype:trojan-activity;sid:83692990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829889)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.202.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829889/; classtype:trojan-activity;sid:83692989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829887)"; flow:established,from_client; content:"GET"; http_method; content:"/d/tyrvn"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"paste.ee"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829887/; classtype:trojan-activity;sid:83692987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829888)"; flow:established,from_client; content:"GET"; http_method; content:"/d/vdra0"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"paste.ee"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829888/; classtype:trojan-activity;sid:83692988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829886)"; flow:established,from_client; content:"GET"; http_method; content:"/a/windows.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"s2r.tn"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829886/; classtype:trojan-activity;sid:83692986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829884)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.10.246.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829884/; classtype:trojan-activity;sid:83692984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829885)"; flow:established,from_client; content:"GET"; http_method; content:"/d/kotbb"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"paste.ee"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829885/; classtype:trojan-activity;sid:83692985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829883)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.217.229.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829883/; classtype:trojan-activity;sid:83692983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829882)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.63.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829882/; classtype:trojan-activity;sid:83692982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829881)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.171.253.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829881/; classtype:trojan-activity;sid:83692981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829880)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.196.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829880/; classtype:trojan-activity;sid:83692980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829879)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.5.22.149"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829879/; classtype:trojan-activity;sid:83692979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829877)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"90.159.4.179"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829877/; classtype:trojan-activity;sid:83692977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829878)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.47.82.177"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829878/; classtype:trojan-activity;sid:83692978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829876)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.78.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829876/; classtype:trojan-activity;sid:83692976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829875)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.223.106.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829875/; classtype:trojan-activity;sid:83692975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829874)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.57.234"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829874/; classtype:trojan-activity;sid:83692974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829873)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.0.209"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829873/; classtype:trojan-activity;sid:83692973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829872)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.69.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829872/; classtype:trojan-activity;sid:83692972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829871)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.10.246.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829871/; classtype:trojan-activity;sid:83692971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829870)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.159.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829870/; classtype:trojan-activity;sid:83692970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829869)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.161.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829869/; classtype:trojan-activity;sid:83692969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829868)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"90.159.4.179"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829868/; classtype:trojan-activity;sid:83692968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829866)"; flow:established,from_client; content:"GET"; http_method; content:"/quasarlantest.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"fluggis.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829866/; classtype:trojan-activity;sid:83692966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829867)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.30.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829867/; classtype:trojan-activity;sid:83692967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829864)"; flow:established,from_client; content:"GET"; http_method; content:"/lssatcp64.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"fluggis.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829864/; classtype:trojan-activity;sid:83692964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829865)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.56.12.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829865/; classtype:trojan-activity;sid:83692965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829863)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.196.225"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829863/; classtype:trojan-activity;sid:83692963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829861)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.47.82.177"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829861/; classtype:trojan-activity;sid:83692961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829862)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.248.112"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829862/; classtype:trojan-activity;sid:83692962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829860)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.8.10"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829860/; classtype:trojan-activity;sid:83692960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829859)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.86.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829859/; classtype:trojan-activity;sid:83692959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829858)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.127.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829858/; classtype:trojan-activity;sid:83692958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829857)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.143.171.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829857/; classtype:trojan-activity;sid:83692957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829856)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.192.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829856/; classtype:trojan-activity;sid:83692956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829855)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.191.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829855/; classtype:trojan-activity;sid:83692955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829850)"; flow:established,from_client; content:"GET"; http_method; content:"/0cb78a92c463a69f/vcruntime140.dll"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"139.60.162.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829850/; classtype:trojan-activity;sid:83692950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829851)"; flow:established,from_client; content:"GET"; http_method; content:"/0cb78a92c463a69f/freebl3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"139.60.162.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829851/; classtype:trojan-activity;sid:83692951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829852)"; flow:established,from_client; content:"GET"; http_method; content:"/0cb78a92c463a69f/sqlite3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"139.60.162.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829852/; classtype:trojan-activity;sid:83692952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829853)"; flow:established,from_client; content:"GET"; http_method; content:"/0cb78a92c463a69f/msvcp140.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"139.60.162.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829853/; classtype:trojan-activity;sid:83692953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829849)"; flow:established,from_client; content:"GET"; http_method; content:"/0cb78a92c463a69f/nss3.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"139.60.162.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829849/; classtype:trojan-activity;sid:83692949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829847)"; flow:established,from_client; content:"GET"; http_method; content:"/0cb78a92c463a69f/softokn3.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"139.60.162.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829847/; classtype:trojan-activity;sid:83692947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829848)"; flow:established,from_client; content:"GET"; http_method; content:"/0cb78a92c463a69f/mozglue.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"139.60.162.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829848/; classtype:trojan-activity;sid:83692948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829845)"; flow:established,from_client; content:"GET"; http_method; content:"/0cb78a92c463a69f/msvcp140.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"185.172.128.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829845/; classtype:trojan-activity;sid:83692945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829846)"; flow:established,from_client; content:"GET"; http_method; content:"/0cb78a92c463a69f/nss3.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.172.128.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829846/; classtype:trojan-activity;sid:83692946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829844)"; flow:established,from_client; content:"GET"; http_method; content:"/0cb78a92c463a69f/softokn3.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"185.172.128.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829844/; classtype:trojan-activity;sid:83692944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829843)"; flow:established,from_client; content:"GET"; http_method; content:"/0cb78a92c463a69f/mozglue.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.172.128.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829843/; classtype:trojan-activity;sid:83692943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829842)"; flow:established,from_client; content:"GET"; http_method; content:"/0cb78a92c463a69f/vcruntime140.dll"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"185.172.128.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829842/; classtype:trojan-activity;sid:83692942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829839)"; flow:established,from_client; content:"GET"; http_method; content:"/cc79ef49e382fdb7/freebl3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.70.186.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829839/; classtype:trojan-activity;sid:83692939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829838)"; flow:established,from_client; content:"GET"; http_method; content:"/0cb78a92c463a69f/sqlite3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.172.128.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829838/; classtype:trojan-activity;sid:83692938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829835)"; flow:established,from_client; content:"GET"; http_method; content:"/cc79ef49e382fdb7/mozglue.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.172.128.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829835/; classtype:trojan-activity;sid:83692935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829836)"; flow:established,from_client; content:"GET"; http_method; content:"/cc79ef49e382fdb7/sqlite3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.172.128.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829836/; classtype:trojan-activity;sid:83692936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829837)"; flow:established,from_client; content:"GET"; http_method; content:"/cc79ef49e382fdb7/nss3.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.172.128.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829837/; classtype:trojan-activity;sid:83692937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829834)"; flow:established,from_client; content:"GET"; http_method; content:"/0cb78a92c463a69f/freebl3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.172.128.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829834/; classtype:trojan-activity;sid:83692934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829825)"; flow:established,from_client; content:"GET"; http_method; content:"/cc79ef49e382fdb7/msvcp140.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"185.172.128.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829825/; classtype:trojan-activity;sid:83692925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829826)"; flow:established,from_client; content:"GET"; http_method; content:"/cc79ef49e382fdb7/freebl3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.172.128.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829826/; classtype:trojan-activity;sid:83692926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829827)"; flow:established,from_client; content:"GET"; http_method; content:"/cc79ef49e382fdb7/vcruntime140.dll"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"185.172.128.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829827/; classtype:trojan-activity;sid:83692927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829828)"; flow:established,from_client; content:"GET"; http_method; content:"/cc79ef49e382fdb7/vcruntime140.dll"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"185.70.186.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829828/; classtype:trojan-activity;sid:83692928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829829)"; flow:established,from_client; content:"GET"; http_method; content:"/cc79ef49e382fdb7/sqlite3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.70.186.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829829/; classtype:trojan-activity;sid:83692929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829830)"; flow:established,from_client; content:"GET"; http_method; content:"/cc79ef49e382fdb7/msvcp140.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"185.70.186.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829830/; classtype:trojan-activity;sid:83692930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829831)"; flow:established,from_client; content:"GET"; http_method; content:"/cc79ef49e382fdb7/mozglue.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.70.186.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829831/; classtype:trojan-activity;sid:83692931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829832)"; flow:established,from_client; content:"GET"; http_method; content:"/cc79ef49e382fdb7/nss3.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.70.186.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829832/; classtype:trojan-activity;sid:83692932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829833)"; flow:established,from_client; content:"GET"; http_method; content:"/cc79ef49e382fdb7/softokn3.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"185.172.128.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829833/; classtype:trojan-activity;sid:83692933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829824)"; flow:established,from_client; content:"GET"; http_method; content:"/cc79ef49e382fdb7/softokn3.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"185.70.186.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829824/; classtype:trojan-activity;sid:83692924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829823)"; flow:established,from_client; content:"GET"; http_method; content:"/69cd1a5596d101dd/nss3.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.161.248.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829823/; classtype:trojan-activity;sid:83692923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829820)"; flow:established,from_client; content:"GET"; http_method; content:"/69cd1a5596d101dd/mozglue.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.161.248.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829820/; classtype:trojan-activity;sid:83692920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829821)"; flow:established,from_client; content:"GET"; http_method; content:"/69cd1a5596d101dd/freebl3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.161.248.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829821/; classtype:trojan-activity;sid:83692921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829817)"; flow:established,from_client; content:"GET"; http_method; content:"/69cd1a5596d101dd/vcruntime140.dll"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"185.161.248.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829817/; classtype:trojan-activity;sid:83692917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829818)"; flow:established,from_client; content:"GET"; http_method; content:"/69cd1a5596d101dd/msvcp140.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"185.161.248.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829818/; classtype:trojan-activity;sid:83692918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829819)"; flow:established,from_client; content:"GET"; http_method; content:"/69cd1a5596d101dd/sqlite3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.161.248.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829819/; classtype:trojan-activity;sid:83692919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829816)"; flow:established,from_client; content:"GET"; http_method; content:"/69cd1a5596d101dd/softokn3.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"185.161.248.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829816/; classtype:trojan-activity;sid:83692916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829815)"; flow:established,from_client; content:"GET"; http_method; content:"/file/7os5cx2x4rp70nm/upl0ader.7z/file"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"www.mediafire.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829815/; classtype:trojan-activity;sid:83692915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829813)"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/1226148623633616937/1226152095611355169/removerai.exe|3f|ex=6623ba20|7c|26|7c|is=66114520|7c|26|7c|hm=9801c4f179d29bf85b768ad75acfdbd89cdf3c621bca75ee1e8f81065a4caae4|7c|26|7c|"; http_uri; depth:189; isdataat:!1,relative; nocase; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829813/; classtype:trojan-activity;sid:83692913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829814)"; flow:established,from_client; content:"GET"; http_method; content:"/m3mastika/three/main/qqyt33.sh"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829814/; classtype:trojan-activity;sid:83692914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829812)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.243.242.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829812/; classtype:trojan-activity;sid:83692912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829810)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.234.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829810/; classtype:trojan-activity;sid:83692910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829811)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.117.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829811/; classtype:trojan-activity;sid:83692911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829808)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.65.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829808/; classtype:trojan-activity;sid:83692908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829809)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.215.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829809/; classtype:trojan-activity;sid:83692909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829807)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.6.206.176"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829807/; classtype:trojan-activity;sid:83692907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829806)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.229.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829806/; classtype:trojan-activity;sid:83692906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829805)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.121.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829805/; classtype:trojan-activity;sid:83692905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829804)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.191.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829804/; classtype:trojan-activity;sid:83692904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829803)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.61.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829803/; classtype:trojan-activity;sid:83692903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829802)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.21.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829802/; classtype:trojan-activity;sid:83692902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829801)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.164.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829801/; classtype:trojan-activity;sid:83692901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829800)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.199.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829800/; classtype:trojan-activity;sid:83692900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829799)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.242.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829799/; classtype:trojan-activity;sid:83692899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829798)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.196.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829798/; classtype:trojan-activity;sid:83692898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829797)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"94.156.79.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829797/; classtype:trojan-activity;sid:83692897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829796)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"94.156.79.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829796/; classtype:trojan-activity;sid:83692896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829795)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.206.243"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829795/; classtype:trojan-activity;sid:83692895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829794)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.205.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829794/; classtype:trojan-activity;sid:83692894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829793)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.153.206.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829793/; classtype:trojan-activity;sid:83692893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829792)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.95.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829792/; classtype:trojan-activity;sid:83692892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829791)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.63.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829791/; classtype:trojan-activity;sid:83692891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829790)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.6.206.176"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829790/; classtype:trojan-activity;sid:83692890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829789)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.240.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829789/; classtype:trojan-activity;sid:83692889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829788)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.137.196.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829788/; classtype:trojan-activity;sid:83692888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829787)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.199.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829787/; classtype:trojan-activity;sid:83692887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829786)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.164.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829786/; classtype:trojan-activity;sid:83692886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829785)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.250.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829785/; classtype:trojan-activity;sid:83692885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829784)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.239.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829784/; classtype:trojan-activity;sid:83692884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829783)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.106.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829783/; classtype:trojan-activity;sid:83692883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829782)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.33.5.150"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829782/; classtype:trojan-activity;sid:83692882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829781)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.37.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829781/; classtype:trojan-activity;sid:83692881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829780)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.47.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829780/; classtype:trojan-activity;sid:83692880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829779)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.205.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829779/; classtype:trojan-activity;sid:83692879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829778)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.38.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829778/; classtype:trojan-activity;sid:83692878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829776)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.181.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829776/; classtype:trojan-activity;sid:83692876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829777)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.184.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829777/; classtype:trojan-activity;sid:83692877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829774)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.46.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829774/; classtype:trojan-activity;sid:83692874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829775)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.118.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829775/; classtype:trojan-activity;sid:83692875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829773)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.21.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829773/; classtype:trojan-activity;sid:83692873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829772)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.195.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829772/; classtype:trojan-activity;sid:83692872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829771)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.111.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829771/; classtype:trojan-activity;sid:83692871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829770)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.205.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829770/; classtype:trojan-activity;sid:83692870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829769)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.153.206.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829769/; classtype:trojan-activity;sid:83692869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829768)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.147.230.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829768/; classtype:trojan-activity;sid:83692868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829767)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.212.142.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829767/; classtype:trojan-activity;sid:83692867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829765)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.137.196.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829765/; classtype:trojan-activity;sid:83692865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829766)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.21.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829766/; classtype:trojan-activity;sid:83692866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829764)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.131.60.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829764/; classtype:trojan-activity;sid:83692864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829763)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.118.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829763/; classtype:trojan-activity;sid:83692863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829762)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.183.20"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829762/; classtype:trojan-activity;sid:83692862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829761)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.147.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829761/; classtype:trojan-activity;sid:83692861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829760)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.130.153"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829760/; classtype:trojan-activity;sid:83692860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829759)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.196.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829759/; classtype:trojan-activity;sid:83692859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829758)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.186.23.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829758/; classtype:trojan-activity;sid:83692858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829757)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.201.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829757/; classtype:trojan-activity;sid:83692857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829756)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.147.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829756/; classtype:trojan-activity;sid:83692856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829755)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.220.108.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829755/; classtype:trojan-activity;sid:83692855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829754)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.234.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829754/; classtype:trojan-activity;sid:83692854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829753)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.201.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829753/; classtype:trojan-activity;sid:83692853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829752)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.206.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829752/; classtype:trojan-activity;sid:83692852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829751)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.4.209"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829751/; classtype:trojan-activity;sid:83692851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829750)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.147.230.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829750/; classtype:trojan-activity;sid:83692850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829749)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.137.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829749/; classtype:trojan-activity;sid:83692849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829748)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.194.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829748/; classtype:trojan-activity;sid:83692848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829746)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.180.221.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829746/; classtype:trojan-activity;sid:83692846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829747)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.53.42.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829747/; classtype:trojan-activity;sid:83692847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829745)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.12.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829745/; classtype:trojan-activity;sid:83692845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829743)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.116.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829743/; classtype:trojan-activity;sid:83692843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829744)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.194.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829744/; classtype:trojan-activity;sid:83692844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829741)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.246.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829741/; classtype:trojan-activity;sid:83692841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829742)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.131.60.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829742/; classtype:trojan-activity;sid:83692842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829740)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.232.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829740/; classtype:trojan-activity;sid:83692840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829739)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.201.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829739/; classtype:trojan-activity;sid:83692839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829738)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.204.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829738/; classtype:trojan-activity;sid:83692838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829737)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.223.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829737/; classtype:trojan-activity;sid:83692837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829736)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.147.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829736/; classtype:trojan-activity;sid:83692836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829735)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.127.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829735/; classtype:trojan-activity;sid:83692835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829734)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.201.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829734/; classtype:trojan-activity;sid:83692834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829733)"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/1232897598218571787/1233983637008158781/done.exe|3f|ex=662f1451|7c|26|7c|is=662dc2d1|7c|26|7c|hm=eb40de796aa6a6329ad5b4c70e875a50398a9c34fb15f37dd7804e3ba6bd13f4|7c|26|7c|"; http_uri; depth:184; isdataat:!1,relative; nocase; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829733/; classtype:trojan-activity;sid:83692833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829732)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.12.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829732/; classtype:trojan-activity;sid:83692832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829731)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.108.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829731/; classtype:trojan-activity;sid:83692831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829730)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.177.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829730/; classtype:trojan-activity;sid:83692830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829729)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"94.156.79.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829729/; classtype:trojan-activity;sid:83692829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829728)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.24.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829728/; classtype:trojan-activity;sid:83692828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829727)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.74.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829727/; classtype:trojan-activity;sid:83692827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829726)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.246.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829726/; classtype:trojan-activity;sid:83692826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829725)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.110.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829725/; classtype:trojan-activity;sid:83692825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829724)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.254.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829724/; classtype:trojan-activity;sid:83692824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829723)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.250.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829723/; classtype:trojan-activity;sid:83692823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829722)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.70.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829722/; classtype:trojan-activity;sid:83692822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829721)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.223.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829721/; classtype:trojan-activity;sid:83692821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829720)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.13.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829720/; classtype:trojan-activity;sid:83692820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829719)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.234.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829719/; classtype:trojan-activity;sid:83692819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829718)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.66.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829718/; classtype:trojan-activity;sid:83692818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829717)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.106.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829717/; classtype:trojan-activity;sid:83692817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829716)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.204.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829716/; classtype:trojan-activity;sid:83692816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829715)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.177.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829715/; classtype:trojan-activity;sid:83692815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829714)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.233.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829714/; classtype:trojan-activity;sid:83692814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829713)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.255.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829713/; classtype:trojan-activity;sid:83692813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829712)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.4.209"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829712/; classtype:trojan-activity;sid:83692812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829711)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.141.108.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829711/; classtype:trojan-activity;sid:83692811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829710)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.177.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829710/; classtype:trojan-activity;sid:83692810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829709)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.29.113"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829709/; classtype:trojan-activity;sid:83692809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829708)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.27.19"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829708/; classtype:trojan-activity;sid:83692808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829707)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.28.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829707/; classtype:trojan-activity;sid:83692807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829706)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.128.17.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829706/; classtype:trojan-activity;sid:83692806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829705)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.251.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829705/; classtype:trojan-activity;sid:83692805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829704)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.101.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829704/; classtype:trojan-activity;sid:83692804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829703)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.118.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829703/; classtype:trojan-activity;sid:83692803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829702)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.26.237.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829702/; classtype:trojan-activity;sid:83692802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829701)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.173.8.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829701/; classtype:trojan-activity;sid:83692801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829700)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.58.0"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829700/; classtype:trojan-activity;sid:83692800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829699)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.25.76.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829699/; classtype:trojan-activity;sid:83692799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829698)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.199.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829698/; classtype:trojan-activity;sid:83692798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829697)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.204.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829697/; classtype:trojan-activity;sid:83692797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829695)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.118.99"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829695/; classtype:trojan-activity;sid:83692795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829696)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.7.221.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829696/; classtype:trojan-activity;sid:83692796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829694)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.106.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829694/; classtype:trojan-activity;sid:83692794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829693)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.69.158.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829693/; classtype:trojan-activity;sid:83692793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829692)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.199.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829692/; classtype:trojan-activity;sid:83692792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829691)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.177.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829691/; classtype:trojan-activity;sid:83692791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829690)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.171.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829690/; classtype:trojan-activity;sid:83692790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829689)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.27.19"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829689/; classtype:trojan-activity;sid:83692789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829688)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.54.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829688/; classtype:trojan-activity;sid:83692788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829687)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.207.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829687/; classtype:trojan-activity;sid:83692787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829686)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.7.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829686/; classtype:trojan-activity;sid:83692786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829685)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"94.156.79.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829685/; classtype:trojan-activity;sid:83692785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829684)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.92.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829684/; classtype:trojan-activity;sid:83692784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829681)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.30.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829681/; classtype:trojan-activity;sid:83692781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829682)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.41.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829682/; classtype:trojan-activity;sid:83692782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829683)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.177.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829683/; classtype:trojan-activity;sid:83692783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829680)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.207.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829680/; classtype:trojan-activity;sid:83692780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829678)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.103.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829678/; classtype:trojan-activity;sid:83692778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829679)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.54.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829679/; classtype:trojan-activity;sid:83692779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829677)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.232.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829677/; classtype:trojan-activity;sid:83692777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829676)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.70.233"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829676/; classtype:trojan-activity;sid:83692776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829675)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.47.101"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829675/; classtype:trojan-activity;sid:83692775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829674)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.195.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829674/; classtype:trojan-activity;sid:83692774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829673)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.200.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829673/; classtype:trojan-activity;sid:83692773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829672)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.92.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829672/; classtype:trojan-activity;sid:83692772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829671)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.125.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829671/; classtype:trojan-activity;sid:83692771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829670)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.193.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829670/; classtype:trojan-activity;sid:83692770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829669)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.207.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829669/; classtype:trojan-activity;sid:83692769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829668)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.183.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829668/; classtype:trojan-activity;sid:83692768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829667)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.181.252.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829667/; classtype:trojan-activity;sid:83692767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829665)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.234.202.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829665/; classtype:trojan-activity;sid:83692765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829666)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.106.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829666/; classtype:trojan-activity;sid:83692766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829664)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.231.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829664/; classtype:trojan-activity;sid:83692764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829663)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.7.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829663/; classtype:trojan-activity;sid:83692763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829662)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.61.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829662/; classtype:trojan-activity;sid:83692762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829661)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.156.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829661/; classtype:trojan-activity;sid:83692761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829660)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.73.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829660/; classtype:trojan-activity;sid:83692760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829659)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.237.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829659/; classtype:trojan-activity;sid:83692759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829658)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.179.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829658/; classtype:trojan-activity;sid:83692758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829657)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.171.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829657/; classtype:trojan-activity;sid:83692757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829656)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.205.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829656/; classtype:trojan-activity;sid:83692756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829655)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.232.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829655/; classtype:trojan-activity;sid:83692755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829654)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.207.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829654/; classtype:trojan-activity;sid:83692754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829653)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.193.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829653/; classtype:trojan-activity;sid:83692753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829652)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.179.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829652/; classtype:trojan-activity;sid:83692752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829651)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.30.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829651/; classtype:trojan-activity;sid:83692751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829650)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.44.160"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829650/; classtype:trojan-activity;sid:83692750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829649)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.24.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829649/; classtype:trojan-activity;sid:83692749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829648)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.223.226.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829648/; classtype:trojan-activity;sid:83692748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829647)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.16.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829647/; classtype:trojan-activity;sid:83692747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829646)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.27.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829646/; classtype:trojan-activity;sid:83692746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829645)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.56.8.95"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829645/; classtype:trojan-activity;sid:83692745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829644)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.132.88.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829644/; classtype:trojan-activity;sid:83692744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829643)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.248.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829643/; classtype:trojan-activity;sid:83692743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829642)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"24.152.49.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829642/; classtype:trojan-activity;sid:83692742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829641)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.163.228.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829641/; classtype:trojan-activity;sid:83692741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829640)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.195.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829640/; classtype:trojan-activity;sid:83692740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829639)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.125.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829639/; classtype:trojan-activity;sid:83692739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829638)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.166.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829638/; classtype:trojan-activity;sid:83692738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829637)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.231.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829637/; classtype:trojan-activity;sid:83692737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829636)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.241.48.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829636/; classtype:trojan-activity;sid:83692736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829635)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.182.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829635/; classtype:trojan-activity;sid:83692735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829634)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.205.253.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829634/; classtype:trojan-activity;sid:83692734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829632)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.8.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829632/; classtype:trojan-activity;sid:83692732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829633)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.23.229"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829633/; classtype:trojan-activity;sid:83692733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829631)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.171.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829631/; classtype:trojan-activity;sid:83692731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829630)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.129.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829630/; classtype:trojan-activity;sid:83692730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829629)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.44.160"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829629/; classtype:trojan-activity;sid:83692729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829628)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.24.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829628/; classtype:trojan-activity;sid:83692728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829627)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.6.70.224"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829627/; classtype:trojan-activity;sid:83692727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829626)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.56.0.187"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829626/; classtype:trojan-activity;sid:83692726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829625)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.129.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829625/; classtype:trojan-activity;sid:83692725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829624)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.171.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829624/; classtype:trojan-activity;sid:83692724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829623)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.175.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829623/; classtype:trojan-activity;sid:83692723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829622)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.63.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829622/; classtype:trojan-activity;sid:83692722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829621)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.11.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829621/; classtype:trojan-activity;sid:83692721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829619)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.44.134"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829619/; classtype:trojan-activity;sid:83692719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829620)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.166.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829620/; classtype:trojan-activity;sid:83692720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829618)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.193.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829618/; classtype:trojan-activity;sid:83692718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829617)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.252.44.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829617/; classtype:trojan-activity;sid:83692717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829615)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.48.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829615/; classtype:trojan-activity;sid:83692715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829616)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.147.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829616/; classtype:trojan-activity;sid:83692716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829614)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.35.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829614/; classtype:trojan-activity;sid:83692714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829613)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.11.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829613/; classtype:trojan-activity;sid:83692713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829612)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.206.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829612/; classtype:trojan-activity;sid:83692712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829611)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.193.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829611/; classtype:trojan-activity;sid:83692711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829609)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.177.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829609/; classtype:trojan-activity;sid:83692709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829610)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.4.250"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829610/; classtype:trojan-activity;sid:83692710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829608)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.210.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829608/; classtype:trojan-activity;sid:83692708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829607)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.211.101.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829607/; classtype:trojan-activity;sid:83692707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829606)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.71.230"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829606/; classtype:trojan-activity;sid:83692706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829605)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.238.242.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829605/; classtype:trojan-activity;sid:83692705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829604)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.140.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829604/; classtype:trojan-activity;sid:83692704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829603)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.35.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829603/; classtype:trojan-activity;sid:83692703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829602)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.148.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829602/; classtype:trojan-activity;sid:83692702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829601)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.60.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829601/; classtype:trojan-activity;sid:83692701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829600)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.215.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829600/; classtype:trojan-activity;sid:83692700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829599)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.193.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829599/; classtype:trojan-activity;sid:83692699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829598)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.109.229.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829598/; classtype:trojan-activity;sid:83692698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829597)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.5.91"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829597/; classtype:trojan-activity;sid:83692697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829596)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.197.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829596/; classtype:trojan-activity;sid:83692696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829595)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.11.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829595/; classtype:trojan-activity;sid:83692695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829594)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.98.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829594/; classtype:trojan-activity;sid:83692694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829593)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.193.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829593/; classtype:trojan-activity;sid:83692693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829592)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"122.252.233.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829592/; classtype:trojan-activity;sid:83692692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829591)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.238.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829591/; classtype:trojan-activity;sid:83692691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829590)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.4.250"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829590/; classtype:trojan-activity;sid:83692690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829589)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.210.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829589/; classtype:trojan-activity;sid:83692689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829588)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.194.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829588/; classtype:trojan-activity;sid:83692688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829586)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.71.230"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829586/; classtype:trojan-activity;sid:83692686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829587)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.31.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829587/; classtype:trojan-activity;sid:83692687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829585)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.204.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829585/; classtype:trojan-activity;sid:83692685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829584)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.214.15.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829584/; classtype:trojan-activity;sid:83692684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829583)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.242.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829583/; classtype:trojan-activity;sid:83692683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829581)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.8.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829581/; classtype:trojan-activity;sid:83692681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829582)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.211.101.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829582/; classtype:trojan-activity;sid:83692682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829580)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.229.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829580/; classtype:trojan-activity;sid:83692680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829579)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.212.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829579/; classtype:trojan-activity;sid:83692679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829578)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.140.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829578/; classtype:trojan-activity;sid:83692678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829577)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.60.40"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829577/; classtype:trojan-activity;sid:83692677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829575)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.238.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829575/; classtype:trojan-activity;sid:83692675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829576)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.209.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829576/; classtype:trojan-activity;sid:83692676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829574)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.252.233.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829574/; classtype:trojan-activity;sid:83692674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829573)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.198.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829573/; classtype:trojan-activity;sid:83692673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829572)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.36.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829572/; classtype:trojan-activity;sid:83692672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829571)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.192.50"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829571/; classtype:trojan-activity;sid:83692671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829570)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.35.120.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829570/; classtype:trojan-activity;sid:83692670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829569)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.215.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829569/; classtype:trojan-activity;sid:83692669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829568)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.179.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829568/; classtype:trojan-activity;sid:83692668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829566)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.119.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829566/; classtype:trojan-activity;sid:83692666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829567)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.179.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829567/; classtype:trojan-activity;sid:83692667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829565)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.2.179"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829565/; classtype:trojan-activity;sid:83692665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829564)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.212.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829564/; classtype:trojan-activity;sid:83692664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829563)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.188.80.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829563/; classtype:trojan-activity;sid:83692663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829562)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.209.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829562/; classtype:trojan-activity;sid:83692662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829561)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.169.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829561/; classtype:trojan-activity;sid:83692661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829560)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.2.108.8"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829560/; classtype:trojan-activity;sid:83692660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829559)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.86.52"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829559/; classtype:trojan-activity;sid:83692659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829558)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.198.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829558/; classtype:trojan-activity;sid:83692658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829557)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.134.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829557/; classtype:trojan-activity;sid:83692657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829556)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.150.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829556/; classtype:trojan-activity;sid:83692656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829555)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.254.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829555/; classtype:trojan-activity;sid:83692655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829554)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.19.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829554/; classtype:trojan-activity;sid:83692654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829553)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.37.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829553/; classtype:trojan-activity;sid:83692653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829552)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.9.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829552/; classtype:trojan-activity;sid:83692652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829551)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.188.80.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829551/; classtype:trojan-activity;sid:83692651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829550)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.115.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829550/; classtype:trojan-activity;sid:83692650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829549)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.10.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829549/; classtype:trojan-activity;sid:83692649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829548)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.193.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829548/; classtype:trojan-activity;sid:83692648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829547)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.7.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829547/; classtype:trojan-activity;sid:83692647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829545)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.195.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829545/; classtype:trojan-activity;sid:83692645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829546)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.241.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829546/; classtype:trojan-activity;sid:83692646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829544)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.202.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829544/; classtype:trojan-activity;sid:83692644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829543)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.220.14.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829543/; classtype:trojan-activity;sid:83692643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829542)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.21.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829542/; classtype:trojan-activity;sid:83692642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829541)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.43.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829541/; classtype:trojan-activity;sid:83692641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829540)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.4.102.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829540/; classtype:trojan-activity;sid:83692640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829539)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.202.169.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829539/; classtype:trojan-activity;sid:83692639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829538)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.2.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829538/; classtype:trojan-activity;sid:83692638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829537)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.79.188.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829537/; classtype:trojan-activity;sid:83692637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829536)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.220.14.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829536/; classtype:trojan-activity;sid:83692636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829535)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.137.196.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829535/; classtype:trojan-activity;sid:83692635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829534)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.19.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829534/; classtype:trojan-activity;sid:83692634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829533)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.254.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829533/; classtype:trojan-activity;sid:83692633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829532)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.204.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829532/; classtype:trojan-activity;sid:83692632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829531)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.142.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829531/; classtype:trojan-activity;sid:83692631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829530)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.6.204.3"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829530/; classtype:trojan-activity;sid:83692630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829529)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.76.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829529/; classtype:trojan-activity;sid:83692629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829528)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.251.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829528/; classtype:trojan-activity;sid:83692628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829527)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.192.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829527/; classtype:trojan-activity;sid:83692627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829526)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.37.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829526/; classtype:trojan-activity;sid:83692626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829525)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.55.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829525/; classtype:trojan-activity;sid:83692625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829524)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.10.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829524/; classtype:trojan-activity;sid:83692624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829523)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.180.164.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829523/; classtype:trojan-activity;sid:83692623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829522)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.227.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829522/; classtype:trojan-activity;sid:83692622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829521)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.206.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829521/; classtype:trojan-activity;sid:83692621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829520)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.253.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829520/; classtype:trojan-activity;sid:83692620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829519)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.197.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829519/; classtype:trojan-activity;sid:83692619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829518)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.228.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829518/; classtype:trojan-activity;sid:83692618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829517)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.195.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829517/; classtype:trojan-activity;sid:83692617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829516)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.207.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829516/; classtype:trojan-activity;sid:83692616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829515)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.4.102.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829515/; classtype:trojan-activity;sid:83692615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829514)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.202.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829514/; classtype:trojan-activity;sid:83692614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829513)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.85.15.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_28; reference:url, urlhaus.abuse.ch/url/2829513/; classtype:trojan-activity;sid:83692613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829512)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.192.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829512/; classtype:trojan-activity;sid:83692612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829511)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.200.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829511/; classtype:trojan-activity;sid:83692611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829510)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.180.164.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829510/; classtype:trojan-activity;sid:83692610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829508)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.190.31.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829508/; classtype:trojan-activity;sid:83692608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829509)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.227.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829509/; classtype:trojan-activity;sid:83692609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829507)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.214.14.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829507/; classtype:trojan-activity;sid:83692607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829506)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.182.166"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829506/; classtype:trojan-activity;sid:83692606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829505)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.181.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829505/; classtype:trojan-activity;sid:83692605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829503)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.170.49.133"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829503/; classtype:trojan-activity;sid:83692603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829504)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.192.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829504/; classtype:trojan-activity;sid:83692604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829502)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.129.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829502/; classtype:trojan-activity;sid:83692602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829501)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.184.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829501/; classtype:trojan-activity;sid:83692601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829500)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.188.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829500/; classtype:trojan-activity;sid:83692600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829499)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.243.241.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829499/; classtype:trojan-activity;sid:83692599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829498)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.76.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829498/; classtype:trojan-activity;sid:83692598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829497)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.200.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829497/; classtype:trojan-activity;sid:83692597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829496)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.202.197.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829496/; classtype:trojan-activity;sid:83692596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829495)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.239.68.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829495/; classtype:trojan-activity;sid:83692595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829494)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.227.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829494/; classtype:trojan-activity;sid:83692594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829493)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.85.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829493/; classtype:trojan-activity;sid:83692593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829492)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.214.14.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829492/; classtype:trojan-activity;sid:83692592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829491)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.190.31.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829491/; classtype:trojan-activity;sid:83692591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829490)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.199.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829490/; classtype:trojan-activity;sid:83692590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829489)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.192.200"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829489/; classtype:trojan-activity;sid:83692589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829488)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.36.153.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829488/; classtype:trojan-activity;sid:83692588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829487)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.129.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829487/; classtype:trojan-activity;sid:83692587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829485)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.56.2.163"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829485/; classtype:trojan-activity;sid:83692585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829486)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.227.4.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829486/; classtype:trojan-activity;sid:83692586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829484)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.180.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829484/; classtype:trojan-activity;sid:83692584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829481)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.242.59.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829481/; classtype:trojan-activity;sid:83692581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829482)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.72.149.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829482/; classtype:trojan-activity;sid:83692582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829483)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.206.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829483/; classtype:trojan-activity;sid:83692583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829480)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.184.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829480/; classtype:trojan-activity;sid:83692580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829479)"; flow:established,from_client; content:"GET"; http_method; content:"/img/logo5.jpg"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"public-ftp.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829479/; classtype:trojan-activity;sid:83692579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829478)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.199.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829478/; classtype:trojan-activity;sid:83692578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829477)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.76.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829477/; classtype:trojan-activity;sid:83692577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829476)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.131.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829476/; classtype:trojan-activity;sid:83692576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829475)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.109.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829475/; classtype:trojan-activity;sid:83692575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829474)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.47.42.147"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829474/; classtype:trojan-activity;sid:83692574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829473)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.206.82.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829473/; classtype:trojan-activity;sid:83692573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829472)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.239.68.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829472/; classtype:trojan-activity;sid:83692572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829471)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.85.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829471/; classtype:trojan-activity;sid:83692571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829470)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.51.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829470/; classtype:trojan-activity;sid:83692570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829469)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.255.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829469/; classtype:trojan-activity;sid:83692569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829468)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.63.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829468/; classtype:trojan-activity;sid:83692568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829467)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.2.182.0"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829467/; classtype:trojan-activity;sid:83692567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829466)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.109.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829466/; classtype:trojan-activity;sid:83692566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829464)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.72.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829464/; classtype:trojan-activity;sid:83692564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829465)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.47.42.147"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829465/; classtype:trojan-activity;sid:83692565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829463)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.101.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829463/; classtype:trojan-activity;sid:83692563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829462)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.206.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829462/; classtype:trojan-activity;sid:83692562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829461)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.124.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829461/; classtype:trojan-activity;sid:83692561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829460)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.131.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829460/; classtype:trojan-activity;sid:83692560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829459)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.45.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829459/; classtype:trojan-activity;sid:83692559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829458)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.61.145.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829458/; classtype:trojan-activity;sid:83692558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829457)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.214.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829457/; classtype:trojan-activity;sid:83692557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829456)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.28.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829456/; classtype:trojan-activity;sid:83692556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829455)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.202.79.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829455/; classtype:trojan-activity;sid:83692555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829454)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.201.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829454/; classtype:trojan-activity;sid:83692554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829453)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.206.82.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829453/; classtype:trojan-activity;sid:83692553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829452)"; flow:established,from_client; content:"GET"; http_method; content:"/doc5294803_669052388|3f|hash=tu9xlwxqbus58iil6nxudxm1brxqvducd33thgb9dqs|7c|26|7c|dl=3fzxs5vzwi3har2zc88ti1yu6gujnhw14zcqe6avgwh|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829452/; classtype:trojan-activity;sid:83692552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829451)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.211.69.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829451/; classtype:trojan-activity;sid:83692551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829450)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.63.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829450/; classtype:trojan-activity;sid:83692550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829448)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.86.19.155"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829448/; classtype:trojan-activity;sid:83692548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829449)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.90.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829449/; classtype:trojan-activity;sid:83692549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829446)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.152.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829446/; classtype:trojan-activity;sid:83692546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829447)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.44.252"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829447/; classtype:trojan-activity;sid:83692547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829445)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.151.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829445/; classtype:trojan-activity;sid:83692545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829443)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.185.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829443/; classtype:trojan-activity;sid:83692543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829444)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.2.182.0"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829444/; classtype:trojan-activity;sid:83692544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829442)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.194.43"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829442/; classtype:trojan-activity;sid:83692542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829441)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.243.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829441/; classtype:trojan-activity;sid:83692541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829440)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.14.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829440/; classtype:trojan-activity;sid:83692540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829439)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.198.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829439/; classtype:trojan-activity;sid:83692539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829438)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.244.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829438/; classtype:trojan-activity;sid:83692538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829437)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.132.166.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829437/; classtype:trojan-activity;sid:83692537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829436)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.206.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829436/; classtype:trojan-activity;sid:83692536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829435)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.201.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829435/; classtype:trojan-activity;sid:83692535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829433)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.161.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829433/; classtype:trojan-activity;sid:83692533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829434)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.199.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829434/; classtype:trojan-activity;sid:83692534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829431)"; flow:established,from_client; content:"GET"; http_method; content:"/xbxga.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"filekg-download-01.fra1.cdn.digitaloceanspaces.com"; http_host; depth:50; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829431/; classtype:trojan-activity;sid:83692531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829432)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.11.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829432/; classtype:trojan-activity;sid:83692532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829430)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.206.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829430/; classtype:trojan-activity;sid:83692530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829429)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.213.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829429/; classtype:trojan-activity;sid:83692529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829428)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.196.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829428/; classtype:trojan-activity;sid:83692528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829427)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.211.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829427/; classtype:trojan-activity;sid:83692527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829426)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.65.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829426/; classtype:trojan-activity;sid:83692526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829425)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.192.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829425/; classtype:trojan-activity;sid:83692525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829424)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.221.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829424/; classtype:trojan-activity;sid:83692524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829423)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.244.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829423/; classtype:trojan-activity;sid:83692523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829422)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.0.38.54"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829422/; classtype:trojan-activity;sid:83692522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829421)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.182.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829421/; classtype:trojan-activity;sid:83692521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829420)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.163.159.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829420/; classtype:trojan-activity;sid:83692520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829419)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.243.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829419/; classtype:trojan-activity;sid:83692519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829418)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.0.209"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829418/; classtype:trojan-activity;sid:83692518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829417)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.254.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829417/; classtype:trojan-activity;sid:83692517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829416)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.71.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829416/; classtype:trojan-activity;sid:83692516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829415)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.161.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829415/; classtype:trojan-activity;sid:83692515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829414)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.214.204.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829414/; classtype:trojan-activity;sid:83692514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829413)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.192.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829413/; classtype:trojan-activity;sid:83692513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829411)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.39.194.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829411/; classtype:trojan-activity;sid:83692511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829412)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.196.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829412/; classtype:trojan-activity;sid:83692512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829410)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.30.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829410/; classtype:trojan-activity;sid:83692510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829409)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.47.129"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829409/; classtype:trojan-activity;sid:83692509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829408)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.0.209"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829408/; classtype:trojan-activity;sid:83692508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829406)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.59.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829406/; classtype:trojan-activity;sid:83692506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829407)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.78.149.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829407/; classtype:trojan-activity;sid:83692507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829405)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.213.231"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829405/; classtype:trojan-activity;sid:83692505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829404)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.2.3"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829404/; classtype:trojan-activity;sid:83692504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829402)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.182.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829402/; classtype:trojan-activity;sid:83692502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829403)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.134.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829403/; classtype:trojan-activity;sid:83692503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829399)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.155.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829399/; classtype:trojan-activity;sid:83692499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829400)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.192.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829400/; classtype:trojan-activity;sid:83692500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829401)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.158.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829401/; classtype:trojan-activity;sid:83692501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829398)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.163.159.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829398/; classtype:trojan-activity;sid:83692498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829397)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.186.112.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829397/; classtype:trojan-activity;sid:83692497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829396)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.177.105.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829396/; classtype:trojan-activity;sid:83692496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829395)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.204.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829395/; classtype:trojan-activity;sid:83692495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829394)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.71.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829394/; classtype:trojan-activity;sid:83692494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829393)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.176.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829393/; classtype:trojan-activity;sid:83692493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829392)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.129.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829392/; classtype:trojan-activity;sid:83692492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829391)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.137.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829391/; classtype:trojan-activity;sid:83692491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829390)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.112.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829390/; classtype:trojan-activity;sid:83692490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829389)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.214.199.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829389/; classtype:trojan-activity;sid:83692489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829388)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.88.136"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829388/; classtype:trojan-activity;sid:83692488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829387)"; flow:established,from_client; content:"GET"; http_method; content:"/doc5294803_669052417|3f|hash=qifudy3lm6knjqkvvac8bk5fuqobzrcsgunc4j7thbe|7c|26|7c|dl=igvyu6ezdyfd1ameqbpl2sz2zzzgytmxgp8sgwgnark|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829387/; classtype:trojan-activity;sid:83692487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829386)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.180.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829386/; classtype:trojan-activity;sid:83692486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829384)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.5.36.135"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829384/; classtype:trojan-activity;sid:83692484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829385)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.197.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829385/; classtype:trojan-activity;sid:83692485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829383)"; flow:established,from_client; content:"GET"; http_method; content:"/doc5294803_668993823|3f|hash=iriogyb2d7166araqx427emazdma6jlowih4cnocags|7c|26|7c|dl=rbni7zizjuu1gyjgfv7ulhatawjcpdpd40eg7lkjxzt|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829383/; classtype:trojan-activity;sid:83692483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829381)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.180.172.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829381/; classtype:trojan-activity;sid:83692481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829382)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.156.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829382/; classtype:trojan-activity;sid:83692482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829380)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/oofd0zebot"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829380/; classtype:trojan-activity;sid:83692480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829379)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.112.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829379/; classtype:trojan-activity;sid:83692479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829378)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.19.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829378/; classtype:trojan-activity;sid:83692478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829377)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.195.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829377/; classtype:trojan-activity;sid:83692477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829376)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.137.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829376/; classtype:trojan-activity;sid:83692476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829374)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.180.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829374/; classtype:trojan-activity;sid:83692474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829375)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.14.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829375/; classtype:trojan-activity;sid:83692475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829373)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.15.119"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829373/; classtype:trojan-activity;sid:83692473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829372)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.32.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829372/; classtype:trojan-activity;sid:83692472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829371)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.154.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829371/; classtype:trojan-activity;sid:83692471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829370)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.251.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829370/; classtype:trojan-activity;sid:83692470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829369)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.90.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829369/; classtype:trojan-activity;sid:83692469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829368)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.197.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829368/; classtype:trojan-activity;sid:83692468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829367)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.238.251.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829367/; classtype:trojan-activity;sid:83692467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829366)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.215.167.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829366/; classtype:trojan-activity;sid:83692466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829365)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.206.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829365/; classtype:trojan-activity;sid:83692465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829364)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.244.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829364/; classtype:trojan-activity;sid:83692464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829363)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.180.172.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829363/; classtype:trojan-activity;sid:83692463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829362)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.193.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829362/; classtype:trojan-activity;sid:83692462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829361)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.230.80.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829361/; classtype:trojan-activity;sid:83692461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829360)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.32.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829360/; classtype:trojan-activity;sid:83692460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829359)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.214.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829359/; classtype:trojan-activity;sid:83692459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829358)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.36.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829358/; classtype:trojan-activity;sid:83692458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829357)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.180.161.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829357/; classtype:trojan-activity;sid:83692457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829356)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.195.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829356/; classtype:trojan-activity;sid:83692456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829355)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.220.150.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829355/; classtype:trojan-activity;sid:83692455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829354)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.251.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829354/; classtype:trojan-activity;sid:83692454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829353)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.234.202.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829353/; classtype:trojan-activity;sid:83692453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829352)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.102.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829352/; classtype:trojan-activity;sid:83692452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829351)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.154.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829351/; classtype:trojan-activity;sid:83692451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829350)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.90.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829350/; classtype:trojan-activity;sid:83692450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829349)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.147.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829349/; classtype:trojan-activity;sid:83692449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829348)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.230.243.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829348/; classtype:trojan-activity;sid:83692448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829347)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.105.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829347/; classtype:trojan-activity;sid:83692447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829346)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.95.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829346/; classtype:trojan-activity;sid:83692446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829345)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.180.161.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829345/; classtype:trojan-activity;sid:83692445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829344)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.97.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829344/; classtype:trojan-activity;sid:83692444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829343)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.220.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829343/; classtype:trojan-activity;sid:83692443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829342)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.99.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829342/; classtype:trojan-activity;sid:83692442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829341)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.150.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829341/; classtype:trojan-activity;sid:83692441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829340)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.179.255.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829340/; classtype:trojan-activity;sid:83692440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829339)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.7.221.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829339/; classtype:trojan-activity;sid:83692439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829338)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.83.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829338/; classtype:trojan-activity;sid:83692438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829337)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.75.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829337/; classtype:trojan-activity;sid:83692437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829336)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.69.75.189"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829336/; classtype:trojan-activity;sid:83692436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829335)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.207.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829335/; classtype:trojan-activity;sid:83692435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829334)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.246.126.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829334/; classtype:trojan-activity;sid:83692434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829333)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.7.221.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829333/; classtype:trojan-activity;sid:83692433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829332)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.230.243.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829332/; classtype:trojan-activity;sid:83692432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829331)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.1.17"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829331/; classtype:trojan-activity;sid:83692431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829330)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.195.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829330/; classtype:trojan-activity;sid:83692430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829329)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.197.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829329/; classtype:trojan-activity;sid:83692429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829328)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.222.252.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829328/; classtype:trojan-activity;sid:83692428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829326)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.32.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829326/; classtype:trojan-activity;sid:83692426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829327)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.97.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829327/; classtype:trojan-activity;sid:83692427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829324)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"160.179.142.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829324/; classtype:trojan-activity;sid:83692424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829325)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.88.125.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829325/; classtype:trojan-activity;sid:83692425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829322)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.181.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829322/; classtype:trojan-activity;sid:83692422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829323)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.65.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829323/; classtype:trojan-activity;sid:83692423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829321)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.83.247.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829321/; classtype:trojan-activity;sid:83692421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829320)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.129.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829320/; classtype:trojan-activity;sid:83692420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829319)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.174.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829319/; classtype:trojan-activity;sid:83692419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829318)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.255.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829318/; classtype:trojan-activity;sid:83692418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829317)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.57.179.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829317/; classtype:trojan-activity;sid:83692417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829316)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.48.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829316/; classtype:trojan-activity;sid:83692416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829315)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.32.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829315/; classtype:trojan-activity;sid:83692415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829314)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.147.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829314/; classtype:trojan-activity;sid:83692414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829313)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.195.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829313/; classtype:trojan-activity;sid:83692413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829312)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.1.17"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829312/; classtype:trojan-activity;sid:83692412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829311)"; flow:established,from_client; content:"GET"; http_method; content:"/vlxx.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"14.225.203.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829311/; classtype:trojan-activity;sid:83692411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829306)"; flow:established,from_client; content:"GET"; http_method; content:"/vlxx.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"14.225.203.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829306/; classtype:trojan-activity;sid:83692406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829307)"; flow:established,from_client; content:"GET"; http_method; content:"/vlxx.x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"14.225.203.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829307/; classtype:trojan-activity;sid:83692407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829308)"; flow:established,from_client; content:"GET"; http_method; content:"/vlxx.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"14.225.203.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829308/; classtype:trojan-activity;sid:83692408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829309)"; flow:established,from_client; content:"GET"; http_method; content:"/vlxx.arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"14.225.203.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829309/; classtype:trojan-activity;sid:83692409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829310)"; flow:established,from_client; content:"GET"; http_method; content:"/vlxx.x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"14.225.203.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829310/; classtype:trojan-activity;sid:83692410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829300)"; flow:established,from_client; content:"GET"; http_method; content:"/vlxx.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"14.225.203.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829300/; classtype:trojan-activity;sid:83692400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829301)"; flow:established,from_client; content:"GET"; http_method; content:"/vlxx.ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"14.225.203.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829301/; classtype:trojan-activity;sid:83692401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829302)"; flow:established,from_client; content:"GET"; http_method; content:"/vlxx.m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"14.225.203.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829302/; classtype:trojan-activity;sid:83692402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829303)"; flow:established,from_client; content:"GET"; http_method; content:"/vlxx.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"14.225.203.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829303/; classtype:trojan-activity;sid:83692403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829304)"; flow:established,from_client; content:"GET"; http_method; content:"/vlxx.spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"14.225.203.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829304/; classtype:trojan-activity;sid:83692404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829305)"; flow:established,from_client; content:"GET"; http_method; content:"/vlxx.mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"14.225.203.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829305/; classtype:trojan-activity;sid:83692405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829299)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.229.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829299/; classtype:trojan-activity;sid:83692399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829298)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.252.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829298/; classtype:trojan-activity;sid:83692398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829297)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.220.146.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829297/; classtype:trojan-activity;sid:83692397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829296)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.0.252.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829296/; classtype:trojan-activity;sid:83692396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829295)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.83.247.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829295/; classtype:trojan-activity;sid:83692395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829294)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.48.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829294/; classtype:trojan-activity;sid:83692394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829293)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.190.54"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829293/; classtype:trojan-activity;sid:83692393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829291)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.21.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829291/; classtype:trojan-activity;sid:83692391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829292)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.179.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829292/; classtype:trojan-activity;sid:83692392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829290)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.21.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829290/; classtype:trojan-activity;sid:83692390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829289)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.12.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829289/; classtype:trojan-activity;sid:83692389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829288)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.237.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829288/; classtype:trojan-activity;sid:83692388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829287)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.85.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829287/; classtype:trojan-activity;sid:83692387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829286)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.85.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829286/; classtype:trojan-activity;sid:83692386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829285)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.96.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829285/; classtype:trojan-activity;sid:83692385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829284)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.7.144.75"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829284/; classtype:trojan-activity;sid:83692384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829283)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.174.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829283/; classtype:trojan-activity;sid:83692383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829282)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.22.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829282/; classtype:trojan-activity;sid:83692382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829281)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.238.98.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829281/; classtype:trojan-activity;sid:83692381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829278)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.254.130"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829278/; classtype:trojan-activity;sid:83692378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829279)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.164.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829279/; classtype:trojan-activity;sid:83692379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829280)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.41.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829280/; classtype:trojan-activity;sid:83692380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829277)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.21.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829277/; classtype:trojan-activity;sid:83692377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829276)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.180.88"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829276/; classtype:trojan-activity;sid:83692376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829275)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.146.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829275/; classtype:trojan-activity;sid:83692375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829274)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.44.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829274/; classtype:trojan-activity;sid:83692374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829273)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.198.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829273/; classtype:trojan-activity;sid:83692373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829272)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.239.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829272/; classtype:trojan-activity;sid:83692372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829271)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.23.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829271/; classtype:trojan-activity;sid:83692371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829270)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.3.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829270/; classtype:trojan-activity;sid:83692370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829269)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.123.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829269/; classtype:trojan-activity;sid:83692369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829268)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.66.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829268/; classtype:trojan-activity;sid:83692368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829267)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.98.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829267/; classtype:trojan-activity;sid:83692367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829266)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.106.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829266/; classtype:trojan-activity;sid:83692366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829265)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.53.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829265/; classtype:trojan-activity;sid:83692365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829264)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.199.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829264/; classtype:trojan-activity;sid:83692364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829262)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.176.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829262/; classtype:trojan-activity;sid:83692362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829263)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.67.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829263/; classtype:trojan-activity;sid:83692363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829261)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.44.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829261/; classtype:trojan-activity;sid:83692361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829260)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.165.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829260/; classtype:trojan-activity;sid:83692360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829259)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.198.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829259/; classtype:trojan-activity;sid:83692359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829258)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.19.43.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829258/; classtype:trojan-activity;sid:83692358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829257)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.79.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829257/; classtype:trojan-activity;sid:83692357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829256)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.193.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829256/; classtype:trojan-activity;sid:83692356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829255)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.241.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829255/; classtype:trojan-activity;sid:83692355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829254)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.242.106.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829254/; classtype:trojan-activity;sid:83692354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829253)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.105.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829253/; classtype:trojan-activity;sid:83692353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829252)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.106.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829252/; classtype:trojan-activity;sid:83692352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829251)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.230.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829251/; classtype:trojan-activity;sid:83692351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829250)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.173.4.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829250/; classtype:trojan-activity;sid:83692350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829249)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.203.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829249/; classtype:trojan-activity;sid:83692349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829248)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.142.55.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829248/; classtype:trojan-activity;sid:83692348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829247)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.100.246.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829247/; classtype:trojan-activity;sid:83692347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829246)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.56.6.21"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829246/; classtype:trojan-activity;sid:83692346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829245)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.spc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"94.156.66.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829245/; classtype:trojan-activity;sid:83692345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829244)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.173.4.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829244/; classtype:trojan-activity;sid:83692344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829243)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.210.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829243/; classtype:trojan-activity;sid:83692343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829242)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.192.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829242/; classtype:trojan-activity;sid:83692342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829241)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.85.102.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829241/; classtype:trojan-activity;sid:83692341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829240)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.85.102.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829240/; classtype:trojan-activity;sid:83692340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829239)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.100.246.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829239/; classtype:trojan-activity;sid:83692339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829238)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.238.199.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829238/; classtype:trojan-activity;sid:83692338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829237)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.177.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829237/; classtype:trojan-activity;sid:83692337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829236)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.108.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829236/; classtype:trojan-activity;sid:83692336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829235)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.202.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829235/; classtype:trojan-activity;sid:83692335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829234)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.192.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829234/; classtype:trojan-activity;sid:83692334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829232)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.238.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829232/; classtype:trojan-activity;sid:83692332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829233)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.202.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829233/; classtype:trojan-activity;sid:83692333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829231)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.210.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829231/; classtype:trojan-activity;sid:83692331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829230)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.70.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829230/; classtype:trojan-activity;sid:83692330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829229)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.203.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829229/; classtype:trojan-activity;sid:83692329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829228)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.85.102.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829228/; classtype:trojan-activity;sid:83692328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829227)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.79.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829227/; classtype:trojan-activity;sid:83692327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829226)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.108.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829226/; classtype:trojan-activity;sid:83692326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829225)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.147.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829225/; classtype:trojan-activity;sid:83692325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829224)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.202.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829224/; classtype:trojan-activity;sid:83692324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829223)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.238.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829223/; classtype:trojan-activity;sid:83692323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829222)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.76.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829222/; classtype:trojan-activity;sid:83692322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829220)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.53.242"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829220/; classtype:trojan-activity;sid:83692320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829221)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.230.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829221/; classtype:trojan-activity;sid:83692321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829219)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.9.121.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829219/; classtype:trojan-activity;sid:83692319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829218)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.251.174.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829218/; classtype:trojan-activity;sid:83692318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829217)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.157.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829217/; classtype:trojan-activity;sid:83692317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829216)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.70.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829216/; classtype:trojan-activity;sid:83692316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829215)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.70.10.161"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829215/; classtype:trojan-activity;sid:83692315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829214)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.23.79.248"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829214/; classtype:trojan-activity;sid:83692314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829212)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.173.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829212/; classtype:trojan-activity;sid:83692312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829213)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.178.219.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829213/; classtype:trojan-activity;sid:83692313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829211)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.45.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829211/; classtype:trojan-activity;sid:83692311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829210)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"183.188.146.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829210/; classtype:trojan-activity;sid:83692310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829209)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.207.15.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829209/; classtype:trojan-activity;sid:83692309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829208)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.222.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829208/; classtype:trojan-activity;sid:83692308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829207)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.70.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829207/; classtype:trojan-activity;sid:83692307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829206)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.173.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829206/; classtype:trojan-activity;sid:83692306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829205)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.205.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829205/; classtype:trojan-activity;sid:83692305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829204)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.219.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829204/; classtype:trojan-activity;sid:83692304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829203)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.76.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829203/; classtype:trojan-activity;sid:83692303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829202)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.63.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829202/; classtype:trojan-activity;sid:83692302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829201)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.214.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829201/; classtype:trojan-activity;sid:83692301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829200)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.62.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829200/; classtype:trojan-activity;sid:83692300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829199)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.205.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829199/; classtype:trojan-activity;sid:83692299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829198)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.23.79.248"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829198/; classtype:trojan-activity;sid:83692298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829197)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.10.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829197/; classtype:trojan-activity;sid:83692297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829196)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.188.146.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829196/; classtype:trojan-activity;sid:83692296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829195)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.221.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829195/; classtype:trojan-activity;sid:83692295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829194)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.22.238.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829194/; classtype:trojan-activity;sid:83692294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829193)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.240.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829193/; classtype:trojan-activity;sid:83692293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829192)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.201.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829192/; classtype:trojan-activity;sid:83692292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829191)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.97.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829191/; classtype:trojan-activity;sid:83692291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829190)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.206.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829190/; classtype:trojan-activity;sid:83692290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829189)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"151.177.251.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829189/; classtype:trojan-activity;sid:83692289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829188)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.207.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829188/; classtype:trojan-activity;sid:83692288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829187)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.211.71.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829187/; classtype:trojan-activity;sid:83692287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829186)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.15.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829186/; classtype:trojan-activity;sid:83692286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829185)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.10.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829185/; classtype:trojan-activity;sid:83692285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829184)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.214.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829184/; classtype:trojan-activity;sid:83692284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829182)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.42.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829182/; classtype:trojan-activity;sid:83692282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829183)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.11.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829183/; classtype:trojan-activity;sid:83692283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829181)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.98.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829181/; classtype:trojan-activity;sid:83692281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829180)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.51.173.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829180/; classtype:trojan-activity;sid:83692280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829179)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.189.103.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829179/; classtype:trojan-activity;sid:83692279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829178)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.67.28.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829178/; classtype:trojan-activity;sid:83692278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829177)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.211.71.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829177/; classtype:trojan-activity;sid:83692277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829176)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.67.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829176/; classtype:trojan-activity;sid:83692276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829175)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.218.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829175/; classtype:trojan-activity;sid:83692275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829174)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.205.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829174/; classtype:trojan-activity;sid:83692274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829173)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.159.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829173/; classtype:trojan-activity;sid:83692273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829172)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.212.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829172/; classtype:trojan-activity;sid:83692272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829171)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.24.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829171/; classtype:trojan-activity;sid:83692271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829170)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.67.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829170/; classtype:trojan-activity;sid:83692270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829169)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.76.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829169/; classtype:trojan-activity;sid:83692269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829168)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/5wwdrjhi"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829168/; classtype:trojan-activity;sid:83692268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829167)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/utfplahg"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829167/; classtype:trojan-activity;sid:83692267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829166)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.sh4"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"94.156.66.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829166/; classtype:trojan-activity;sid:83692266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829164)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"94.156.66.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829164/; classtype:trojan-activity;sid:83692264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829165)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.ppc"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"94.156.66.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829165/; classtype:trojan-activity;sid:83692265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829157)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mips"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"94.156.66.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829157/; classtype:trojan-activity;sid:83692257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829158)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.m68k"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"94.156.66.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829158/; classtype:trojan-activity;sid:83692258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829159)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm7"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"94.156.66.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829159/; classtype:trojan-activity;sid:83692259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829160)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.mpsl"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"94.156.66.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829160/; classtype:trojan-activity;sid:83692260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829161)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm6"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"94.156.66.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829161/; classtype:trojan-activity;sid:83692261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829162)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.arm5"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"94.156.66.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829162/; classtype:trojan-activity;sid:83692262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829163)"; flow:established,from_client; content:"GET"; http_method; content:"/hiddenbin/boatnet.x86"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"94.156.66.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829163/; classtype:trojan-activity;sid:83692263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829156)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.97.196.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829156/; classtype:trojan-activity;sid:83692256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829155)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.45.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829155/; classtype:trojan-activity;sid:83692255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829154)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.224.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829154/; classtype:trojan-activity;sid:83692254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829153)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.123.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829153/; classtype:trojan-activity;sid:83692253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829152)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.30.116"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829152/; classtype:trojan-activity;sid:83692252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829151)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.207.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829151/; classtype:trojan-activity;sid:83692251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829150)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.246.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829150/; classtype:trojan-activity;sid:83692250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829149)"; flow:established,from_client; content:"GET"; http_method; content:"/doc5294803_669040344|3f|hash=zhwecl1jwafpec5ren3vcvibtydxgrgwifuep3a6qb8|7c|26|7c|dl=2zlq17ytrfph3hvz0axev1jujpmaswhpzhobwrzff2z|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829149/; classtype:trojan-activity;sid:83692249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829148)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.222.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829148/; classtype:trojan-activity;sid:83692248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829147)"; flow:established,from_client; content:"GET"; http_method; content:"/download/returnlegendsetup.rar"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"returnlegend.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829147/; classtype:trojan-activity;sid:83692247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829145)"; flow:established,from_client; content:"GET"; http_method; content:"/gpon443"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.156.79.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829145/; classtype:trojan-activity;sid:83692245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829146)"; flow:established,from_client; content:"GET"; http_method; content:"/huawei"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.156.79.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829146/; classtype:trojan-activity;sid:83692246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829137)"; flow:established,from_client; content:"GET"; http_method; content:"/zte"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"94.156.79.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829137/; classtype:trojan-activity;sid:83692237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829138)"; flow:established,from_client; content:"GET"; http_method; content:"/jaws"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.156.79.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829138/; classtype:trojan-activity;sid:83692238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829139)"; flow:established,from_client; content:"GET"; http_method; content:"/yarn"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.156.79.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829139/; classtype:trojan-activity;sid:83692239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829140)"; flow:established,from_client; content:"GET"; http_method; content:"/zyxel"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"94.156.79.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829140/; classtype:trojan-activity;sid:83692240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829141)"; flow:established,from_client; content:"GET"; http_method; content:"/thinkphp"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.156.79.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829141/; classtype:trojan-activity;sid:83692241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829142)"; flow:established,from_client; content:"GET"; http_method; content:"/lg"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.156.79.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829142/; classtype:trojan-activity;sid:83692242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829143)"; flow:established,from_client; content:"GET"; http_method; content:"/goahead"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.156.79.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829143/; classtype:trojan-activity;sid:83692243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829144)"; flow:established,from_client; content:"GET"; http_method; content:"/adb.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.156.79.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829144/; classtype:trojan-activity;sid:83692244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829136)"; flow:established,from_client; content:"GET"; http_method; content:"/realtek"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.156.79.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829136/; classtype:trojan-activity;sid:83692236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829135)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.118.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829135/; classtype:trojan-activity;sid:83692235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829134)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.178.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829134/; classtype:trojan-activity;sid:83692234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829133)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.196.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829133/; classtype:trojan-activity;sid:83692233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829132)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.13.236.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829132/; classtype:trojan-activity;sid:83692232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829130)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.45.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829130/; classtype:trojan-activity;sid:83692230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829131)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.89.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829131/; classtype:trojan-activity;sid:83692231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829128)"; flow:established,from_client; content:"GET"; http_method; content:"/.sarm7"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"164.92.176.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829128/; classtype:trojan-activity;sid:83692228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829129)"; flow:established,from_client; content:"GET"; http_method; content:"/.sarm"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"164.92.176.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829129/; classtype:trojan-activity;sid:83692229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829127)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.222.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829127/; classtype:trojan-activity;sid:83692227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829126)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.181.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829126/; classtype:trojan-activity;sid:83692226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829125)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.64.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829125/; classtype:trojan-activity;sid:83692225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829124)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.122.134.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829124/; classtype:trojan-activity;sid:83692224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829123)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.195.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829123/; classtype:trojan-activity;sid:83692223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829122)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.195.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829122/; classtype:trojan-activity;sid:83692222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829121)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.93.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829121/; classtype:trojan-activity;sid:83692221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829119)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.237.99.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829119/; classtype:trojan-activity;sid:83692219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829120)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.172.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829120/; classtype:trojan-activity;sid:83692220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829118)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.13.236.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829118/; classtype:trojan-activity;sid:83692218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829116)"; flow:established,from_client; content:"GET"; http_method; content:"/la.bot.arm7"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"42.112.26.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829116/; classtype:trojan-activity;sid:83692216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829117)"; flow:established,from_client; content:"GET"; http_method; content:"/la.bot.arm"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"42.112.26.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829117/; classtype:trojan-activity;sid:83692217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829115)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.12.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829115/; classtype:trojan-activity;sid:83692215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829114)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.50.57.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829114/; classtype:trojan-activity;sid:83692214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829113)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.89.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829113/; classtype:trojan-activity;sid:83692213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829112)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"201.242.93.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829112/; classtype:trojan-activity;sid:83692212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829111)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.194.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829111/; classtype:trojan-activity;sid:83692211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829110)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.64.59"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829110/; classtype:trojan-activity;sid:83692210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829109)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.246.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829109/; classtype:trojan-activity;sid:83692209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829107)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.159.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829107/; classtype:trojan-activity;sid:83692207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829108)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.237.23.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829108/; classtype:trojan-activity;sid:83692208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829106)"; flow:established,from_client; content:"GET"; http_method; content:"/doc5294803_669038830|3f|hash=lxyq07lxtbktlqtqhsuxfs2udomnbzw3ds4ocqqpdzg|7c|26|7c|dl=ufaw7rzxle9sqcfbbmszo67s0rs7ddfzljopgpwhzsh|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829106/; classtype:trojan-activity;sid:83692206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829105)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.57.214.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829105/; classtype:trojan-activity;sid:83692205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829102)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/syms.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91.92.242.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829102/; classtype:trojan-activity;sid:83692202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829103)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.117.3.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829103/; classtype:trojan-activity;sid:83692203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829104)"; flow:established,from_client; content:"GET"; http_method; content:"/pandoras_box/pandora.arm"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"104.243.41.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829104/; classtype:trojan-activity;sid:83692204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829101)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/syms.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91.92.242.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829101/; classtype:trojan-activity;sid:83692201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829100)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.50.57.143"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829100/; classtype:trojan-activity;sid:83692200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829099)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.40.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829099/; classtype:trojan-activity;sid:83692199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829098)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.135.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829098/; classtype:trojan-activity;sid:83692198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829097)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.197.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829097/; classtype:trojan-activity;sid:83692197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829096)"; flow:established,from_client; content:"GET"; http_method; content:"/dl/5248630/msedge1.exe"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"tmpfiles.org"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829096/; classtype:trojan-activity;sid:83692196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829095)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.197.245"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829095/; classtype:trojan-activity;sid:83692195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829094)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.210.183.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829094/; classtype:trojan-activity;sid:83692194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829093)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.170.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829093/; classtype:trojan-activity;sid:83692193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829092)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.127.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829092/; classtype:trojan-activity;sid:83692192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829089)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.214.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829089/; classtype:trojan-activity;sid:83692189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829090)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.110.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829090/; classtype:trojan-activity;sid:83692190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829091)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.239.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829091/; classtype:trojan-activity;sid:83692191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829088)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.103.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829088/; classtype:trojan-activity;sid:83692188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829087)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.11.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829087/; classtype:trojan-activity;sid:83692187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829085)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.235.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829085/; classtype:trojan-activity;sid:83692185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829086)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.40.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829086/; classtype:trojan-activity;sid:83692186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829084)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.7.221.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829084/; classtype:trojan-activity;sid:83692184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829083)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.176.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829083/; classtype:trojan-activity;sid:83692183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829082)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.72.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829082/; classtype:trojan-activity;sid:83692182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829081)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.201.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829081/; classtype:trojan-activity;sid:83692181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829080)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.110.40"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829080/; classtype:trojan-activity;sid:83692180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829078)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.224.99.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829078/; classtype:trojan-activity;sid:83692178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829079)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.197.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829079/; classtype:trojan-activity;sid:83692179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829077)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.127.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829077/; classtype:trojan-activity;sid:83692177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829076)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.210.183.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829076/; classtype:trojan-activity;sid:83692176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829075)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.28.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829075/; classtype:trojan-activity;sid:83692175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829074)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.178.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829074/; classtype:trojan-activity;sid:83692174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829073)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.140.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829073/; classtype:trojan-activity;sid:83692173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829072)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.204.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829072/; classtype:trojan-activity;sid:83692172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829071)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.174.238.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829071/; classtype:trojan-activity;sid:83692171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829070)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.4.222"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829070/; classtype:trojan-activity;sid:83692170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829069)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.85.126.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829069/; classtype:trojan-activity;sid:83692169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829068)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.11.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829068/; classtype:trojan-activity;sid:83692168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829067)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.92.252.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829067/; classtype:trojan-activity;sid:83692167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829066)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.92.252.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829066/; classtype:trojan-activity;sid:83692166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829063)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"91.92.252.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829063/; classtype:trojan-activity;sid:83692163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829064)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.92.252.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829064/; classtype:trojan-activity;sid:83692164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829065)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"91.92.252.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829065/; classtype:trojan-activity;sid:83692165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829061)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.92.252.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829061/; classtype:trojan-activity;sid:83692161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829062)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"91.92.252.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829062/; classtype:trojan-activity;sid:83692162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829060)"; flow:established,from_client; content:"GET"; http_method; content:"/1.txt"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"104.218.236.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829060/; classtype:trojan-activity;sid:83692160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829056)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.92.252.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829056/; classtype:trojan-activity;sid:83692156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829057)"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.92.252.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829057/; classtype:trojan-activity;sid:83692157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829058)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"91.92.252.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829058/; classtype:trojan-activity;sid:83692158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829059)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.92.252.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829059/; classtype:trojan-activity;sid:83692159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829055)"; flow:established,from_client; content:"GET"; http_method; content:"/pandoras_box/pandora.mips"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"104.243.41.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829055/; classtype:trojan-activity;sid:83692155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829048)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"141.98.10.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829048/; classtype:trojan-activity;sid:83692148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829049)"; flow:established,from_client; content:"GET"; http_method; content:"/pandoras_box/pandora.x86"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"104.243.41.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829049/; classtype:trojan-activity;sid:83692149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829050)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"141.98.10.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829050/; classtype:trojan-activity;sid:83692150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829051)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"141.98.10.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829051/; classtype:trojan-activity;sid:83692151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829052)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm6"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.117.3.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829052/; classtype:trojan-activity;sid:83692152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829053)"; flow:established,from_client; content:"GET"; http_method; content:"/top1hbt.x86_64"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"89.213.164.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829053/; classtype:trojan-activity;sid:83692153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829054)"; flow:established,from_client; content:"GET"; http_method; content:"/la.bot.mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"79.124.40.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829054/; classtype:trojan-activity;sid:83692154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829047)"; flow:established,from_client; content:"GET"; http_method; content:"/pandoras_box/pandora.arm6"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"104.243.41.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829047/; classtype:trojan-activity;sid:83692147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829040)"; flow:established,from_client; content:"GET"; http_method; content:"/la.bot.mipsel"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"79.124.40.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829040/; classtype:trojan-activity;sid:83692140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829041)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jew.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"94.156.66.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829041/; classtype:trojan-activity;sid:83692141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829042)"; flow:established,from_client; content:"GET"; http_method; content:"/pandoras_box/pandora.arm7"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"104.243.41.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829042/; classtype:trojan-activity;sid:83692142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829043)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"141.98.10.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829043/; classtype:trojan-activity;sid:83692143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829044)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.x86"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.117.3.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829044/; classtype:trojan-activity;sid:83692144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829045)"; flow:established,from_client; content:"GET"; http_method; content:"/top1hbt.arm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"89.213.164.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829045/; classtype:trojan-activity;sid:83692145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829046)"; flow:established,from_client; content:"GET"; http_method; content:"/36shr.txt"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"92.118.112.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829046/; classtype:trojan-activity;sid:83692146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829039)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jew.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"94.156.66.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829039/; classtype:trojan-activity;sid:83692139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829037)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.ppc"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.117.3.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829037/; classtype:trojan-activity;sid:83692137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829038)"; flow:established,from_client; content:"GET"; http_method; content:"/la.bot.m68k"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"79.124.40.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829038/; classtype:trojan-activity;sid:83692138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829033)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm7"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.117.3.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829033/; classtype:trojan-activity;sid:83692133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829034)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/syms.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"91.92.242.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829034/; classtype:trojan-activity;sid:83692134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829035)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"141.98.10.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829035/; classtype:trojan-activity;sid:83692135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829036)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/syms.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"91.92.242.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829036/; classtype:trojan-activity;sid:83692136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829027)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"141.98.10.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829027/; classtype:trojan-activity;sid:83692127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829028)"; flow:established,from_client; content:"GET"; http_method; content:"/pandoras_box/pandora.ppc"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"104.243.41.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829028/; classtype:trojan-activity;sid:83692128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829029)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jew.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"94.156.66.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829029/; classtype:trojan-activity;sid:83692129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829030)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.sh4"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.117.3.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829030/; classtype:trojan-activity;sid:83692130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829031)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jew.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"94.156.66.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829031/; classtype:trojan-activity;sid:83692131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829032)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"141.98.10.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829032/; classtype:trojan-activity;sid:83692132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829026)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/syms.i686"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"91.92.242.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829026/; classtype:trojan-activity;sid:83692126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829025)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"141.98.10.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829025/; classtype:trojan-activity;sid:83692125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829023)"; flow:established,from_client; content:"GET"; http_method; content:"/pandoras_box/pandora.m68k"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"104.243.41.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829023/; classtype:trojan-activity;sid:83692123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829024)"; flow:established,from_client; content:"GET"; http_method; content:"/top1hbt.arm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"89.213.164.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829024/; classtype:trojan-activity;sid:83692124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829022)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"141.98.10.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829022/; classtype:trojan-activity;sid:83692122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829018)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/syms.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"91.92.242.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829018/; classtype:trojan-activity;sid:83692118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829019)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.mpsl"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.117.3.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829019/; classtype:trojan-activity;sid:83692119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829020)"; flow:established,from_client; content:"GET"; http_method; content:"/la.bot.powerpc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"79.124.40.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829020/; classtype:trojan-activity;sid:83692120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829021)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jew.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"94.156.66.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829021/; classtype:trojan-activity;sid:83692121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829016)"; flow:established,from_client; content:"GET"; http_method; content:"/pandoras_box/pandora.arm5"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"104.243.41.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829016/; classtype:trojan-activity;sid:83692116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829017)"; flow:established,from_client; content:"GET"; http_method; content:"/pandoras_box/pandora.sh4"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"104.243.41.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829017/; classtype:trojan-activity;sid:83692117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829013)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"141.98.10.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829013/; classtype:trojan-activity;sid:83692113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829014)"; flow:established,from_client; content:"GET"; http_method; content:"/bigbot"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.156.66.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829014/; classtype:trojan-activity;sid:83692114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829015)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jew.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"94.156.66.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829015/; classtype:trojan-activity;sid:83692115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829011)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/syms.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91.92.242.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829011/; classtype:trojan-activity;sid:83692111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829012)"; flow:established,from_client; content:"GET"; http_method; content:"/pandoras_box/pandora.mpsl"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"104.243.41.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829012/; classtype:trojan-activity;sid:83692112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829007)"; flow:established,from_client; content:"GET"; http_method; content:"/la.bot.sh4"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"79.124.40.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829007/; classtype:trojan-activity;sid:83692107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829008)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"141.98.10.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829008/; classtype:trojan-activity;sid:83692108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829009)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/syms.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"91.92.242.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829009/; classtype:trojan-activity;sid:83692109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829010)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"141.98.10.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829010/; classtype:trojan-activity;sid:83692110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829004)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"141.98.10.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829004/; classtype:trojan-activity;sid:83692104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829005)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.mips"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.117.3.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829005/; classtype:trojan-activity;sid:83692105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829006)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/syms.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91.92.242.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829006/; classtype:trojan-activity;sid:83692106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829001)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/syms.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91.92.242.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829001/; classtype:trojan-activity;sid:83692101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829002)"; flow:established,from_client; content:"GET"; http_method; content:"/la.bot.arm6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"79.124.40.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829002/; classtype:trojan-activity;sid:83692102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829003)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/syms.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"91.92.242.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829003/; classtype:trojan-activity;sid:83692103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828995)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.m68k"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.117.3.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828995/; classtype:trojan-activity;sid:83692095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828996)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/syms.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"91.92.242.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828996/; classtype:trojan-activity;sid:83692096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828997)"; flow:established,from_client; content:"GET"; http_method; content:"/la.bot.sparc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"79.124.40.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828997/; classtype:trojan-activity;sid:83692097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828998)"; flow:established,from_client; content:"GET"; http_method; content:"/la.bot.arm5"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"79.124.40.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828998/; classtype:trojan-activity;sid:83692098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828999)"; flow:established,from_client; content:"GET"; http_method; content:"/la.bot.arm"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"79.124.40.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828999/; classtype:trojan-activity;sid:83692099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2829000)"; flow:established,from_client; content:"GET"; http_method; content:"/la.bot.arm7"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"79.124.40.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2829000/; classtype:trojan-activity;sid:83692100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828993)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/syms.x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"91.92.242.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828993/; classtype:trojan-activity;sid:83692093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828994)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/unhanaaw.arm5"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.117.3.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828994/; classtype:trojan-activity;sid:83692094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828992)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.181.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828992/; classtype:trojan-activity;sid:83692092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828991)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.85.126.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828991/; classtype:trojan-activity;sid:83692091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828990)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.178.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828990/; classtype:trojan-activity;sid:83692090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828989)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.30.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828989/; classtype:trojan-activity;sid:83692089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828988)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.2.109.62"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828988/; classtype:trojan-activity;sid:83692088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828987)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.206.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828987/; classtype:trojan-activity;sid:83692087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828986)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.125.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828986/; classtype:trojan-activity;sid:83692086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828985)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.193.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828985/; classtype:trojan-activity;sid:83692085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828983)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.88.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828983/; classtype:trojan-activity;sid:83692083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828984)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.231.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828984/; classtype:trojan-activity;sid:83692084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828982)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.7.207.255"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828982/; classtype:trojan-activity;sid:83692082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828981)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.33.33.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828981/; classtype:trojan-activity;sid:83692081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828980)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.246.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828980/; classtype:trojan-activity;sid:83692080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828979)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.44.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828979/; classtype:trojan-activity;sid:83692079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828978)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.107.97.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828978/; classtype:trojan-activity;sid:83692078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828977)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.205.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828977/; classtype:trojan-activity;sid:83692077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828976)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.242.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828976/; classtype:trojan-activity;sid:83692076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828975)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.197.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828975/; classtype:trojan-activity;sid:83692075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828974)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.10.246.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828974/; classtype:trojan-activity;sid:83692074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828973)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.214.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828973/; classtype:trojan-activity;sid:83692073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828972)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.195.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828972/; classtype:trojan-activity;sid:83692072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828971)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.193.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828971/; classtype:trojan-activity;sid:83692071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828970)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.77.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828970/; classtype:trojan-activity;sid:83692070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828969)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.91.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828969/; classtype:trojan-activity;sid:83692069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828968)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.197.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828968/; classtype:trojan-activity;sid:83692068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828967)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.206.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828967/; classtype:trojan-activity;sid:83692067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828966)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.42.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828966/; classtype:trojan-activity;sid:83692066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828965)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.2.109.62"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828965/; classtype:trojan-activity;sid:83692065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828964)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.206.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828964/; classtype:trojan-activity;sid:83692064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828963)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.220.38.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828963/; classtype:trojan-activity;sid:83692063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828962)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.235.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828962/; classtype:trojan-activity;sid:83692062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828960)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.145.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828960/; classtype:trojan-activity;sid:83692060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828961)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"66.23.159.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828961/; classtype:trojan-activity;sid:83692061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828959)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.195.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828959/; classtype:trojan-activity;sid:83692059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828958)"; flow:established,from_client; content:"GET"; http_method; content:"/doc5294803_669033727|3f|hash=5shrrjnzgexrbfgzysivlgxouno0akh6dwrmky1ywno|7c|26|7c|dl=zgeuxfmxjmjcslx1q6hn7z65fxnkqfj2vwczllriy8w|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828958/; classtype:trojan-activity;sid:83692058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828957)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.206.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828957/; classtype:trojan-activity;sid:83692057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828956)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.26.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828956/; classtype:trojan-activity;sid:83692056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828955)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.37.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828955/; classtype:trojan-activity;sid:83692055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828954)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.197.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828954/; classtype:trojan-activity;sid:83692054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828953)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.90.149.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828953/; classtype:trojan-activity;sid:83692053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828951)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.118.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828951/; classtype:trojan-activity;sid:83692051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828952)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.26.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828952/; classtype:trojan-activity;sid:83692052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828950)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"66.23.159.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828950/; classtype:trojan-activity;sid:83692050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828949)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.200.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828949/; classtype:trojan-activity;sid:83692049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828948)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.79.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828948/; classtype:trojan-activity;sid:83692048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828947)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.46.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828947/; classtype:trojan-activity;sid:83692047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828946)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.145.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828946/; classtype:trojan-activity;sid:83692046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828945)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"150.107.8.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828945/; classtype:trojan-activity;sid:83692045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828943)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.83.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828943/; classtype:trojan-activity;sid:83692043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828944)"; flow:established,from_client; content:"GET"; http_method; content:"/attachments/1232897598218571787/1233725964500996127/csgg.exe|3f|ex=662e2457|7c|26|7c|is=662cd2d7|7c|26|7c|hm=505ce3df6c3daa79a71a95fe96bbc34c63911100fbc325304c7e4b2117b78c0f|7c|26|7c|"; http_uri; depth:184; isdataat:!1,relative; nocase; content:"cdn.discordapp.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828944/; classtype:trojan-activity;sid:83692044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828941)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.89.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828941/; classtype:trojan-activity;sid:83692041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828942)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.128.17.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828942/; classtype:trojan-activity;sid:83692042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828940)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.206.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828940/; classtype:trojan-activity;sid:83692040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828939)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.93.246"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828939/; classtype:trojan-activity;sid:83692039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828938)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.251.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828938/; classtype:trojan-activity;sid:83692038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828937)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.228.135.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828937/; classtype:trojan-activity;sid:83692037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828936)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.57.214.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828936/; classtype:trojan-activity;sid:83692036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828935)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.227.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828935/; classtype:trojan-activity;sid:83692035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828934)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.156.181.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828934/; classtype:trojan-activity;sid:83692034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828933)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.114.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828933/; classtype:trojan-activity;sid:83692033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828932)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.37.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828932/; classtype:trojan-activity;sid:83692032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828931)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.73.47.152"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828931/; classtype:trojan-activity;sid:83692031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828930)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.83.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828930/; classtype:trojan-activity;sid:83692030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828929)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.87.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828929/; classtype:trojan-activity;sid:83692029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828928)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.128.17.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828928/; classtype:trojan-activity;sid:83692028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828927)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.89.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828927/; classtype:trojan-activity;sid:83692027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828926)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.252.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828926/; classtype:trojan-activity;sid:83692026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828924)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.181.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828924/; classtype:trojan-activity;sid:83692024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828925)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.182.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828925/; classtype:trojan-activity;sid:83692025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828923)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"156.155.112.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828923/; classtype:trojan-activity;sid:83692023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828922)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.13.48"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828922/; classtype:trojan-activity;sid:83692022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828921)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.174.173.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828921/; classtype:trojan-activity;sid:83692021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828920)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.250.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828920/; classtype:trojan-activity;sid:83692020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828919)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.172.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828919/; classtype:trojan-activity;sid:83692019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828918)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.87.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828918/; classtype:trojan-activity;sid:83692018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828917)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.136.50.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828917/; classtype:trojan-activity;sid:83692017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828916)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.160.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828916/; classtype:trojan-activity;sid:83692016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828915)"; flow:established,from_client; content:"GET"; http_method; content:"/xie.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"zhngxie.wf"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828915/; classtype:trojan-activity;sid:83692015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828914)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.136.50.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828914/; classtype:trojan-activity;sid:83692014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828913)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.163.149.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828913/; classtype:trojan-activity;sid:83692013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828912)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.87.88"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828912/; classtype:trojan-activity;sid:83692012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828911)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.127.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828911/; classtype:trojan-activity;sid:83692011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828910)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.186.112.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828910/; classtype:trojan-activity;sid:83692010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828908)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.209.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828908/; classtype:trojan-activity;sid:83692008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828909)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.214.38.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828909/; classtype:trojan-activity;sid:83692009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828907)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.51.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828907/; classtype:trojan-activity;sid:83692007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828906)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.19.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828906/; classtype:trojan-activity;sid:83692006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828905)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.205.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828905/; classtype:trojan-activity;sid:83692005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828904)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.172.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828904/; classtype:trojan-activity;sid:83692004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828902)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.199.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828902/; classtype:trojan-activity;sid:83692002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828903)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.81.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828903/; classtype:trojan-activity;sid:83692003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828901)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.228.246.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828901/; classtype:trojan-activity;sid:83692001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828900)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.194.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828900/; classtype:trojan-activity;sid:83692000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828898)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.12.113.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828898/; classtype:trojan-activity;sid:83691998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828899)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.161.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828899/; classtype:trojan-activity;sid:83691999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828897)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.199.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828897/; classtype:trojan-activity;sid:83691997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828896)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.199.201"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828896/; classtype:trojan-activity;sid:83691996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828895)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.214.38.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828895/; classtype:trojan-activity;sid:83691995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828894)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.12.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828894/; classtype:trojan-activity;sid:83691994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828893)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.131.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828893/; classtype:trojan-activity;sid:83691993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828892)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.209.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828892/; classtype:trojan-activity;sid:83691992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828891)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.87.88"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828891/; classtype:trojan-activity;sid:83691991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828890)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.81.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828890/; classtype:trojan-activity;sid:83691990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828889)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.186.112.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828889/; classtype:trojan-activity;sid:83691989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828888)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.53.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828888/; classtype:trojan-activity;sid:83691988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828887)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.86.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828887/; classtype:trojan-activity;sid:83691987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828886)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.2.109.80"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828886/; classtype:trojan-activity;sid:83691986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828885)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.24.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828885/; classtype:trojan-activity;sid:83691985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828882)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828882/; classtype:trojan-activity;sid:83691982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828883)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.27.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828883/; classtype:trojan-activity;sid:83691983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828884)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.224.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828884/; classtype:trojan-activity;sid:83691984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828881)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.246.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828881/; classtype:trojan-activity;sid:83691981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828880)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.22.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828880/; classtype:trojan-activity;sid:83691980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828878)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.94.12.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828878/; classtype:trojan-activity;sid:83691978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828879)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.12.113.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828879/; classtype:trojan-activity;sid:83691979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828877)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.113.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828877/; classtype:trojan-activity;sid:83691977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828876)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.106.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828876/; classtype:trojan-activity;sid:83691976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828875)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.131.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828875/; classtype:trojan-activity;sid:83691975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828874)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.121.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828874/; classtype:trojan-activity;sid:83691974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828872)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.27.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828872/; classtype:trojan-activity;sid:83691972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828873)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.6.70.224"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828873/; classtype:trojan-activity;sid:83691973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828871)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.12.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828871/; classtype:trojan-activity;sid:83691971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828870)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.203.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828870/; classtype:trojan-activity;sid:83691970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828869)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.220.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828869/; classtype:trojan-activity;sid:83691969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828867)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.82.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828867/; classtype:trojan-activity;sid:83691967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828868)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.234.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828868/; classtype:trojan-activity;sid:83691968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828865)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.79.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828865/; classtype:trojan-activity;sid:83691965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828866)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.178.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828866/; classtype:trojan-activity;sid:83691966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828864)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.98.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828864/; classtype:trojan-activity;sid:83691964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828862)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.10.246.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828862/; classtype:trojan-activity;sid:83691962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828863)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.178.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828863/; classtype:trojan-activity;sid:83691963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828861)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.193.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828861/; classtype:trojan-activity;sid:83691961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828860)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.224.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828860/; classtype:trojan-activity;sid:83691960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828859)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.22.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828859/; classtype:trojan-activity;sid:83691959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828858)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.198.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828858/; classtype:trojan-activity;sid:83691958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828857)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.99.0.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828857/; classtype:trojan-activity;sid:83691957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828856)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.24.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828856/; classtype:trojan-activity;sid:83691956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828855)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.68.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828855/; classtype:trojan-activity;sid:83691955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828854)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.15.53.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828854/; classtype:trojan-activity;sid:83691954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828853)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.52.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828853/; classtype:trojan-activity;sid:83691953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828851)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.33.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828851/; classtype:trojan-activity;sid:83691951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828852)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.154.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828852/; classtype:trojan-activity;sid:83691952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828850)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.203.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828850/; classtype:trojan-activity;sid:83691950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828849)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.118.29"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828849/; classtype:trojan-activity;sid:83691949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828848)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.178.124"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828848/; classtype:trojan-activity;sid:83691948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828847)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.66.150"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828847/; classtype:trojan-activity;sid:83691947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828846)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.101.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828846/; classtype:trojan-activity;sid:83691946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828845)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.21.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828845/; classtype:trojan-activity;sid:83691945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828844)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.244.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828844/; classtype:trojan-activity;sid:83691944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828843)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.42.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828843/; classtype:trojan-activity;sid:83691943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828839)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828839/; classtype:trojan-activity;sid:83691939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828840)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828840/; classtype:trojan-activity;sid:83691940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828841)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828841/; classtype:trojan-activity;sid:83691941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828842)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828842/; classtype:trojan-activity;sid:83691942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828835)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828835/; classtype:trojan-activity;sid:83691935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828836)"; flow:established,from_client; content:"GET"; http_method; content:"/curl.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828836/; classtype:trojan-activity;sid:83691936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828837)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828837/; classtype:trojan-activity;sid:83691937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828838)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828838/; classtype:trojan-activity;sid:83691938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828829)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828829/; classtype:trojan-activity;sid:83691929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828830)"; flow:established,from_client; content:"GET"; http_method; content:"/ipc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828830/; classtype:trojan-activity;sid:83691930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828831)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828831/; classtype:trojan-activity;sid:83691931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828832)"; flow:established,from_client; content:"GET"; http_method; content:"/irz"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828832/; classtype:trojan-activity;sid:83691932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828833)"; flow:established,from_client; content:"GET"; http_method; content:"/k.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828833/; classtype:trojan-activity;sid:83691933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828834)"; flow:established,from_client; content:"GET"; http_method; content:"/l.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828834/; classtype:trojan-activity;sid:83691934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828820)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828820/; classtype:trojan-activity;sid:83691920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828821)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828821/; classtype:trojan-activity;sid:83691921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828822)"; flow:established,from_client; content:"GET"; http_method; content:"/gocl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828822/; classtype:trojan-activity;sid:83691922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828823)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828823/; classtype:trojan-activity;sid:83691923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828824)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828824/; classtype:trojan-activity;sid:83691924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828825)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828825/; classtype:trojan-activity;sid:83691925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828826)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828826/; classtype:trojan-activity;sid:83691926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828827)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828827/; classtype:trojan-activity;sid:83691927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828828)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828828/; classtype:trojan-activity;sid:83691928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828816)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828816/; classtype:trojan-activity;sid:83691916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828817)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828817/; classtype:trojan-activity;sid:83691917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828818)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828818/; classtype:trojan-activity;sid:83691918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828819)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828819/; classtype:trojan-activity;sid:83691919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828811)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828811/; classtype:trojan-activity;sid:83691911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828812)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828812/; classtype:trojan-activity;sid:83691912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828813)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828813/; classtype:trojan-activity;sid:83691913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828814)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828814/; classtype:trojan-activity;sid:83691914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828815)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828815/; classtype:trojan-activity;sid:83691915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828804)"; flow:established,from_client; content:"GET"; http_method; content:"/ssh"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828804/; classtype:trojan-activity;sid:83691904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828805)"; flow:established,from_client; content:"GET"; http_method; content:"/weed"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828805/; classtype:trojan-activity;sid:83691905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828806)"; flow:established,from_client; content:"GET"; http_method; content:"/sc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828806/; classtype:trojan-activity;sid:83691906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828807)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828807/; classtype:trojan-activity;sid:83691907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828808)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828808/; classtype:trojan-activity;sid:83691908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828809)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828809/; classtype:trojan-activity;sid:83691909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828810)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828810/; classtype:trojan-activity;sid:83691910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828796)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828796/; classtype:trojan-activity;sid:83691896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828797)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828797/; classtype:trojan-activity;sid:83691897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828798)"; flow:established,from_client; content:"GET"; http_method; content:"/splm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828798/; classtype:trojan-activity;sid:83691898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828799)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828799/; classtype:trojan-activity;sid:83691899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828800)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828800/; classtype:trojan-activity;sid:83691900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828801)"; flow:established,from_client; content:"GET"; http_method; content:"/so"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828801/; classtype:trojan-activity;sid:83691901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828802)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828802/; classtype:trojan-activity;sid:83691902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828803)"; flow:established,from_client; content:"GET"; http_method; content:"/s.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828803/; classtype:trojan-activity;sid:83691903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828794)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828794/; classtype:trojan-activity;sid:83691894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828795)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828795/; classtype:trojan-activity;sid:83691895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828790)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828790/; classtype:trojan-activity;sid:83691890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828791)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828791/; classtype:trojan-activity;sid:83691891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828792)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828792/; classtype:trojan-activity;sid:83691892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828793)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828793/; classtype:trojan-activity;sid:83691893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828787)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828787/; classtype:trojan-activity;sid:83691887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828788)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828788/; classtype:trojan-activity;sid:83691888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828789)"; flow:established,from_client; content:"GET"; http_method; content:"/lol"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828789/; classtype:trojan-activity;sid:83691889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828778)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828778/; classtype:trojan-activity;sid:83691878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828779)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828779/; classtype:trojan-activity;sid:83691879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828780)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828780/; classtype:trojan-activity;sid:83691880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828781)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828781/; classtype:trojan-activity;sid:83691881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828782)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828782/; classtype:trojan-activity;sid:83691882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828783)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.spc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828783/; classtype:trojan-activity;sid:83691883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828784)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828784/; classtype:trojan-activity;sid:83691884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828785)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828785/; classtype:trojan-activity;sid:83691885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828786)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828786/; classtype:trojan-activity;sid:83691886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828777)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828777/; classtype:trojan-activity;sid:83691877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828776)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.193.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828776/; classtype:trojan-activity;sid:83691876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828775)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.24.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828775/; classtype:trojan-activity;sid:83691875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828774)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.198.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828774/; classtype:trojan-activity;sid:83691874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828773)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.205.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828773/; classtype:trojan-activity;sid:83691873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828772)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.235.247"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828772/; classtype:trojan-activity;sid:83691872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828771)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.34.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828771/; classtype:trojan-activity;sid:83691871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828770)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.5.36.193"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828770/; classtype:trojan-activity;sid:83691870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828769)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.131.60.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828769/; classtype:trojan-activity;sid:83691869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828768)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.18.61.159"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828768/; classtype:trojan-activity;sid:83691868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828767)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"122.159.62.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828767/; classtype:trojan-activity;sid:83691867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828764)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.arm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.88.90.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828764/; classtype:trojan-activity;sid:83691864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828765)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.arm5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.88.90.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828765/; classtype:trojan-activity;sid:83691865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828766)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.arm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.88.90.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828766/; classtype:trojan-activity;sid:83691866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828757)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.i686"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.88.90.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828757/; classtype:trojan-activity;sid:83691857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828758)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.88.90.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828758/; classtype:trojan-activity;sid:83691858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828759)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.m68"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.88.90.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828759/; classtype:trojan-activity;sid:83691859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828760)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.mpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.88.90.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828760/; classtype:trojan-activity;sid:83691860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828761)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.sh4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.88.90.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828761/; classtype:trojan-activity;sid:83691861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828762)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.ppc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.88.90.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828762/; classtype:trojan-activity;sid:83691862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828763)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.arm4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.88.90.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828763/; classtype:trojan-activity;sid:83691863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828754)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.spc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.88.90.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828754/; classtype:trojan-activity;sid:83691854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828755)"; flow:established,from_client; content:"GET"; http_method; content:"/bins.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.88.90.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828755/; classtype:trojan-activity;sid:83691855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828756)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.158.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828756/; classtype:trojan-activity;sid:83691856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828753)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.111.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828753/; classtype:trojan-activity;sid:83691853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828752)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.176.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828752/; classtype:trojan-activity;sid:83691852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828751)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.117.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828751/; classtype:trojan-activity;sid:83691851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828750)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.48.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828750/; classtype:trojan-activity;sid:83691850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828747)"; flow:established,from_client; content:"GET"; http_method; content:"/hydro.x86_64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.131.111.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828747/; classtype:trojan-activity;sid:83691847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828748)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"85.239.33.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828748/; classtype:trojan-activity;sid:83691848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828749)"; flow:established,from_client; content:"GET"; http_method; content:"/hydro.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.131.111.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828749/; classtype:trojan-activity;sid:83691849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828746)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.239.33.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828746/; classtype:trojan-activity;sid:83691846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828744)"; flow:established,from_client; content:"GET"; http_method; content:"/hydro.arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.131.111.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828744/; classtype:trojan-activity;sid:83691844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828745)"; flow:established,from_client; content:"GET"; http_method; content:"/hydro.arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.131.111.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828745/; classtype:trojan-activity;sid:83691845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828740)"; flow:established,from_client; content:"GET"; http_method; content:"/d.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.239.33.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828740/; classtype:trojan-activity;sid:83691840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828741)"; flow:established,from_client; content:"GET"; http_method; content:"/li"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.239.33.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828741/; classtype:trojan-activity;sid:83691841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828742)"; flow:established,from_client; content:"GET"; http_method; content:"/ipc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"85.239.33.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828742/; classtype:trojan-activity;sid:83691842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828743)"; flow:established,from_client; content:"GET"; http_method; content:"/hydro.m68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.131.111.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828743/; classtype:trojan-activity;sid:83691843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828733)"; flow:established,from_client; content:"GET"; http_method; content:"/irz"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"85.239.33.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828733/; classtype:trojan-activity;sid:83691833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828734)"; flow:established,from_client; content:"GET"; http_method; content:"/z.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.239.33.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828734/; classtype:trojan-activity;sid:83691834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828735)"; flow:established,from_client; content:"GET"; http_method; content:"/linksys"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"85.239.33.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828735/; classtype:trojan-activity;sid:83691835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828736)"; flow:established,from_client; content:"GET"; http_method; content:"/hydro.mpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.131.111.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828736/; classtype:trojan-activity;sid:83691836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828737)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.239.33.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828737/; classtype:trojan-activity;sid:83691837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828738)"; flow:established,from_client; content:"GET"; http_method; content:"/weed"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.239.33.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828738/; classtype:trojan-activity;sid:83691838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828739)"; flow:established,from_client; content:"GET"; http_method; content:"/hydro6x.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.131.111.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828739/; classtype:trojan-activity;sid:83691839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828727)"; flow:established,from_client; content:"GET"; http_method; content:"/hydro.sh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.131.111.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828727/; classtype:trojan-activity;sid:83691827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828728)"; flow:established,from_client; content:"GET"; http_method; content:"/hydro.arc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.131.111.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828728/; classtype:trojan-activity;sid:83691828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828729)"; flow:established,from_client; content:"GET"; http_method; content:"/k.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.239.33.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828729/; classtype:trojan-activity;sid:83691829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828730)"; flow:established,from_client; content:"GET"; http_method; content:"/bx"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.239.33.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828730/; classtype:trojan-activity;sid:83691830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828731)"; flow:established,from_client; content:"GET"; http_method; content:"/hydro.ppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.131.111.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828731/; classtype:trojan-activity;sid:83691831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828732)"; flow:established,from_client; content:"GET"; http_method; content:"/jaws"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.239.33.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828732/; classtype:trojan-activity;sid:83691832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828720)"; flow:established,from_client; content:"GET"; http_method; content:"/hydro.spc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.131.111.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828720/; classtype:trojan-activity;sid:83691820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828721)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.239.33.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828721/; classtype:trojan-activity;sid:83691821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828722)"; flow:established,from_client; content:"GET"; http_method; content:"/gocl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.239.33.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828722/; classtype:trojan-activity;sid:83691822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828723)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.239.33.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828723/; classtype:trojan-activity;sid:83691823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828724)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"85.239.33.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828724/; classtype:trojan-activity;sid:83691824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828725)"; flow:established,from_client; content:"GET"; http_method; content:"/hydro.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.131.111.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828725/; classtype:trojan-activity;sid:83691825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828726)"; flow:established,from_client; content:"GET"; http_method; content:"/hydro.i686"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.131.111.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828726/; classtype:trojan-activity;sid:83691826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828718)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.205.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828718/; classtype:trojan-activity;sid:83691818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828717)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.230.160"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828717/; classtype:trojan-activity;sid:83691817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828716)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.169.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828716/; classtype:trojan-activity;sid:83691816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828715)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.73.47.152"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828715/; classtype:trojan-activity;sid:83691815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828714)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.133.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828714/; classtype:trojan-activity;sid:83691814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828713)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.31.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828713/; classtype:trojan-activity;sid:83691813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828712)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.19.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828712/; classtype:trojan-activity;sid:83691812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828711)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.238.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828711/; classtype:trojan-activity;sid:83691811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828710)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.5.36.193"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828710/; classtype:trojan-activity;sid:83691810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828709)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.123.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828709/; classtype:trojan-activity;sid:83691809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828708)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.13.57.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828708/; classtype:trojan-activity;sid:83691808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828706)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.67.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828706/; classtype:trojan-activity;sid:83691806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828707)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.25.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828707/; classtype:trojan-activity;sid:83691807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828705)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"158.255.82.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828705/; classtype:trojan-activity;sid:83691805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828704)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.209.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828704/; classtype:trojan-activity;sid:83691804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828703)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.158.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828703/; classtype:trojan-activity;sid:83691803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828702)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.179.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828702/; classtype:trojan-activity;sid:83691802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828701)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.190.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828701/; classtype:trojan-activity;sid:83691801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828700)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.237.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828700/; classtype:trojan-activity;sid:83691800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828699)"; flow:established,from_client; content:"GET"; http_method; content:"/eveninggreatformonkeykingtounderstandtheyfeelingtheloveandsxentirethingswhichneverbreakupallthingsfromtheheart___shemygirlmywifesheismy.doc"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"23.95.60.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828699/; classtype:trojan-activity;sid:83691799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828698)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.21.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828698/; classtype:trojan-activity;sid:83691798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828697)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.13.57.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828697/; classtype:trojan-activity;sid:83691797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828696)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.201.111.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828696/; classtype:trojan-activity;sid:83691796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828695)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.123.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828695/; classtype:trojan-activity;sid:83691795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828694)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.144.109"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828694/; classtype:trojan-activity;sid:83691794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828693)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.237.85"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828693/; classtype:trojan-activity;sid:83691793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828692)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.203.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828692/; classtype:trojan-activity;sid:83691792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828691)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.169.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828691/; classtype:trojan-activity;sid:83691791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828690)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.28.239"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828690/; classtype:trojan-activity;sid:83691790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828689)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.80.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828689/; classtype:trojan-activity;sid:83691789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828688)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.31.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828688/; classtype:trojan-activity;sid:83691788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828687)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.207.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828687/; classtype:trojan-activity;sid:83691787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828686)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.209.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828686/; classtype:trojan-activity;sid:83691786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828685)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.50.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828685/; classtype:trojan-activity;sid:83691785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828684)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.69.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828684/; classtype:trojan-activity;sid:83691784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828683)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.197.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828683/; classtype:trojan-activity;sid:83691783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828682)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.179.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828682/; classtype:trojan-activity;sid:83691782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828681)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.111.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828681/; classtype:trojan-activity;sid:83691781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828680)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.144.109"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828680/; classtype:trojan-activity;sid:83691780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828679)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.216.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828679/; classtype:trojan-activity;sid:83691779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828678)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.62.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828678/; classtype:trojan-activity;sid:83691778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828677)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.28.239"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828677/; classtype:trojan-activity;sid:83691777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828676)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.190.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828676/; classtype:trojan-activity;sid:83691776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828675)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.209.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828675/; classtype:trojan-activity;sid:83691775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828674)"; flow:established,from_client; content:"GET"; http_method; content:"/morningworkingforgetbackwithentireprocessgetmebacktomesheisverydetailedinprojectgetunderstand___sheisverybeautifulsheisgreat.doc"; http_uri; depth:129; isdataat:!1,relative; nocase; content:"23.95.60.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828674/; classtype:trojan-activity;sid:83691774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828673)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.240.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828673/; classtype:trojan-activity;sid:83691773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828672)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.37.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828672/; classtype:trojan-activity;sid:83691772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828671)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.243.250.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828671/; classtype:trojan-activity;sid:83691771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828670)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.88.132"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828670/; classtype:trojan-activity;sid:83691770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828669)"; flow:established,from_client; content:"GET"; http_method; content:"/softbot.arm/"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.142.182.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828669/; classtype:trojan-activity;sid:83691769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828668)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.5.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828668/; classtype:trojan-activity;sid:83691768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828667)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"90.159.4.179"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828667/; classtype:trojan-activity;sid:83691767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828666)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.248.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828666/; classtype:trojan-activity;sid:83691766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828665)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.90.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828665/; classtype:trojan-activity;sid:83691765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828664)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.206.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828664/; classtype:trojan-activity;sid:83691764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828663)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.7.221.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828663/; classtype:trojan-activity;sid:83691763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828662)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.203.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828662/; classtype:trojan-activity;sid:83691762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828661)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.199.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828661/; classtype:trojan-activity;sid:83691761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828660)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.33.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828660/; classtype:trojan-activity;sid:83691760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828659)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.221.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828659/; classtype:trojan-activity;sid:83691759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828658)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.200.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828658/; classtype:trojan-activity;sid:83691758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828657)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.146.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828657/; classtype:trojan-activity;sid:83691757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828656)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.132.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828656/; classtype:trojan-activity;sid:83691756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828655)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.194.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828655/; classtype:trojan-activity;sid:83691755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828654)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.190.132"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828654/; classtype:trojan-activity;sid:83691754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828653)"; flow:established,from_client; content:"GET"; http_method; content:"/doc5294803_668993752|3f|hash=n6ashhdneszwmugqz4v43xjmonozj4jjeb0yup7ci8w|7c|26|7c|dl=mma4dicbivmeu9j1sbsic5wb6qxsviqo6xd8cujpzbs|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828653/; classtype:trojan-activity;sid:83691753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828652)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.59.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828652/; classtype:trojan-activity;sid:83691752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828651)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.59.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828651/; classtype:trojan-activity;sid:83691751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828650)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.206.82.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828650/; classtype:trojan-activity;sid:83691750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828649)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.105.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828649/; classtype:trojan-activity;sid:83691749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828648)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.92.82.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828648/; classtype:trojan-activity;sid:83691748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828647)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.60.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828647/; classtype:trojan-activity;sid:83691747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828646)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.201.63"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828646/; classtype:trojan-activity;sid:83691746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828645)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.206.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828645/; classtype:trojan-activity;sid:83691745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828644)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.196.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828644/; classtype:trojan-activity;sid:83691744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828643)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.200.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828643/; classtype:trojan-activity;sid:83691743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828642)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.33.70.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828642/; classtype:trojan-activity;sid:83691742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828641)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.203.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828641/; classtype:trojan-activity;sid:83691741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828640)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.210.183.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828640/; classtype:trojan-activity;sid:83691740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828639)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.33.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828639/; classtype:trojan-activity;sid:83691739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828638)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.206.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828638/; classtype:trojan-activity;sid:83691738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828637)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.5.17.252"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828637/; classtype:trojan-activity;sid:83691737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828636)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.186.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828636/; classtype:trojan-activity;sid:83691736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828635)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.200.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828635/; classtype:trojan-activity;sid:83691735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828634)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.251.171.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828634/; classtype:trojan-activity;sid:83691734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828633)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.202.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828633/; classtype:trojan-activity;sid:83691733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828632)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"114.221.221.240"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828632/; classtype:trojan-activity;sid:83691732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828631)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.238.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828631/; classtype:trojan-activity;sid:83691731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828630)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.59.228"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828630/; classtype:trojan-activity;sid:83691730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828629)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.213.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828629/; classtype:trojan-activity;sid:83691729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828628)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.117.172.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828628/; classtype:trojan-activity;sid:83691728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828627)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.81.246"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828627/; classtype:trojan-activity;sid:83691727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828626)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.176.107.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828626/; classtype:trojan-activity;sid:83691726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828625)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.247.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828625/; classtype:trojan-activity;sid:83691725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828624)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.243.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828624/; classtype:trojan-activity;sid:83691724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828623)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.44.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828623/; classtype:trojan-activity;sid:83691723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828622)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.208.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828622/; classtype:trojan-activity;sid:83691722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828621)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.52.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828621/; classtype:trojan-activity;sid:83691721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828620)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.220.199"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828620/; classtype:trojan-activity;sid:83691720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828619)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.185.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828619/; classtype:trojan-activity;sid:83691719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828618)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.186.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828618/; classtype:trojan-activity;sid:83691718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828617)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.67.194.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828617/; classtype:trojan-activity;sid:83691717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828616)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.207.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828616/; classtype:trojan-activity;sid:83691716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828615)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.58.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828615/; classtype:trojan-activity;sid:83691715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828614)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.247.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828614/; classtype:trojan-activity;sid:83691714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828613)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.207.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828613/; classtype:trojan-activity;sid:83691713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828612)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.137.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828612/; classtype:trojan-activity;sid:83691712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828611)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.208.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828611/; classtype:trojan-activity;sid:83691711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828610)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.193.37"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828610/; classtype:trojan-activity;sid:83691710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828609)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.215.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828609/; classtype:trojan-activity;sid:83691709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828608)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.200.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828608/; classtype:trojan-activity;sid:83691708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828607)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.237.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828607/; classtype:trojan-activity;sid:83691707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828606)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.61.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828606/; classtype:trojan-activity;sid:83691706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828605)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.185.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828605/; classtype:trojan-activity;sid:83691705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828604)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.80.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828604/; classtype:trojan-activity;sid:83691704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828603)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.123.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828603/; classtype:trojan-activity;sid:83691703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828602)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.105.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828602/; classtype:trojan-activity;sid:83691702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828601)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.203.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828601/; classtype:trojan-activity;sid:83691701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828600)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.206.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828600/; classtype:trojan-activity;sid:83691700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828599)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.193.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828599/; classtype:trojan-activity;sid:83691699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828598)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.231.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828598/; classtype:trojan-activity;sid:83691698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828597)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.58.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828597/; classtype:trojan-activity;sid:83691697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828596)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.148.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828596/; classtype:trojan-activity;sid:83691696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828595)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.25.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828595/; classtype:trojan-activity;sid:83691695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828594)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.15.143.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828594/; classtype:trojan-activity;sid:83691694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828593)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.19.149.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828593/; classtype:trojan-activity;sid:83691693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828592)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.248.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828592/; classtype:trojan-activity;sid:83691692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828591)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.215.28"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828591/; classtype:trojan-activity;sid:83691691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828590)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.15.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828590/; classtype:trojan-activity;sid:83691690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828589)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.142.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828589/; classtype:trojan-activity;sid:83691689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828588)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.23.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828588/; classtype:trojan-activity;sid:83691688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828587)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.173.8.73"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828587/; classtype:trojan-activity;sid:83691687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828586)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.25.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828586/; classtype:trojan-activity;sid:83691686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828585)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.59.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828585/; classtype:trojan-activity;sid:83691685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828584)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.105.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828584/; classtype:trojan-activity;sid:83691684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828583)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.23.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828583/; classtype:trojan-activity;sid:83691683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828582)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828582/; classtype:trojan-activity;sid:83691682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828576)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828576/; classtype:trojan-activity;sid:83691676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828577)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828577/; classtype:trojan-activity;sid:83691677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828578)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828578/; classtype:trojan-activity;sid:83691678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828579)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828579/; classtype:trojan-activity;sid:83691679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828580)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828580/; classtype:trojan-activity;sid:83691680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828581)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828581/; classtype:trojan-activity;sid:83691681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828574)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828574/; classtype:trojan-activity;sid:83691674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828575)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828575/; classtype:trojan-activity;sid:83691675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828573)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828573/; classtype:trojan-activity;sid:83691673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828572)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.242.105.89"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828572/; classtype:trojan-activity;sid:83691672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828571)"; flow:established,from_client; content:"GET"; http_method; content:"/hydro.arm/"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.131.111.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828571/; classtype:trojan-activity;sid:83691671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828570)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.67.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828570/; classtype:trojan-activity;sid:83691670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828569)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.218.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828569/; classtype:trojan-activity;sid:83691669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828567)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.15.143.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828567/; classtype:trojan-activity;sid:83691667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828568)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.249.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828568/; classtype:trojan-activity;sid:83691668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828566)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.41.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828566/; classtype:trojan-activity;sid:83691666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828565)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.178.154.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828565/; classtype:trojan-activity;sid:83691665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828564)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.231.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828564/; classtype:trojan-activity;sid:83691664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828563)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.19.149.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828563/; classtype:trojan-activity;sid:83691663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828561)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.220.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828561/; classtype:trojan-activity;sid:83691661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828562)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.224.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828562/; classtype:trojan-activity;sid:83691662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828560)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.241.160.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828560/; classtype:trojan-activity;sid:83691660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828559)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.142.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828559/; classtype:trojan-activity;sid:83691659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828558)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.203.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828558/; classtype:trojan-activity;sid:83691658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828557)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.154.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828557/; classtype:trojan-activity;sid:83691657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828555)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.234.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828555/; classtype:trojan-activity;sid:83691655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828556)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.23.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828556/; classtype:trojan-activity;sid:83691656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828554)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.17.226.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828554/; classtype:trojan-activity;sid:83691654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828553)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.0.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828553/; classtype:trojan-activity;sid:83691653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828552)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.67.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828552/; classtype:trojan-activity;sid:83691652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828551)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.249.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828551/; classtype:trojan-activity;sid:83691651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828550)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.84.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828550/; classtype:trojan-activity;sid:83691650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828549)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.83.168.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828549/; classtype:trojan-activity;sid:83691649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828546)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.237.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828546/; classtype:trojan-activity;sid:83691646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828547)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.235.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828547/; classtype:trojan-activity;sid:83691647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828548)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.41.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828548/; classtype:trojan-activity;sid:83691648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828545)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.21.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828545/; classtype:trojan-activity;sid:83691645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828544)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.237.61.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828544/; classtype:trojan-activity;sid:83691644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828543)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.94.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828543/; classtype:trojan-activity;sid:83691643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828542)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.252.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828542/; classtype:trojan-activity;sid:83691642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828541)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.25.67"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828541/; classtype:trojan-activity;sid:83691641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828540)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.25.165"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828540/; classtype:trojan-activity;sid:83691640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828539)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.234.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828539/; classtype:trojan-activity;sid:83691639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828538)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.179.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828538/; classtype:trojan-activity;sid:83691638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828537)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.192.123.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828537/; classtype:trojan-activity;sid:83691637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828536)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.203.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828536/; classtype:trojan-activity;sid:83691636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828535)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.32.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828535/; classtype:trojan-activity;sid:83691635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828534)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.0.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828534/; classtype:trojan-activity;sid:83691634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828533)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.248.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828533/; classtype:trojan-activity;sid:83691633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828532)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.58.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828532/; classtype:trojan-activity;sid:83691632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828531)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.25.165"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828531/; classtype:trojan-activity;sid:83691631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828530)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.21.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828530/; classtype:trojan-activity;sid:83691630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828529)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.83.168.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828529/; classtype:trojan-activity;sid:83691629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828528)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.27.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828528/; classtype:trojan-activity;sid:83691628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828526)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.61.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828526/; classtype:trojan-activity;sid:83691626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828527)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.119.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828527/; classtype:trojan-activity;sid:83691627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828525)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.171.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828525/; classtype:trojan-activity;sid:83691625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828524)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.235.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828524/; classtype:trojan-activity;sid:83691624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828523)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.35.158.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828523/; classtype:trojan-activity;sid:83691623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828522)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.196.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828522/; classtype:trojan-activity;sid:83691622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828521)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.81.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828521/; classtype:trojan-activity;sid:83691621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828520)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.123.156"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828520/; classtype:trojan-activity;sid:83691620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828519)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.114.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828519/; classtype:trojan-activity;sid:83691619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828518)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.116.245.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828518/; classtype:trojan-activity;sid:83691618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828517)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.44.134"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828517/; classtype:trojan-activity;sid:83691617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828515)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.146.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828515/; classtype:trojan-activity;sid:83691615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828516)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.9.67.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828516/; classtype:trojan-activity;sid:83691616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828514)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.176.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828514/; classtype:trojan-activity;sid:83691614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828513)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.191.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828513/; classtype:trojan-activity;sid:83691613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828512)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.53.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828512/; classtype:trojan-activity;sid:83691612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828511)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.184.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828511/; classtype:trojan-activity;sid:83691611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828510)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.197.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828510/; classtype:trojan-activity;sid:83691610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828509)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.37.125.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828509/; classtype:trojan-activity;sid:83691609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828508)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.119.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828508/; classtype:trojan-activity;sid:83691608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828507)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.3.136"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828507/; classtype:trojan-activity;sid:83691607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828505)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.242.106.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828505/; classtype:trojan-activity;sid:83691605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828506)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.89.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828506/; classtype:trojan-activity;sid:83691606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828504)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.99.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828504/; classtype:trojan-activity;sid:83691604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828503)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.162.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828503/; classtype:trojan-activity;sid:83691603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828502)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.164.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828502/; classtype:trojan-activity;sid:83691602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828501)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.199.230.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828501/; classtype:trojan-activity;sid:83691601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828499)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.1.146.255"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828499/; classtype:trojan-activity;sid:83691599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828500)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.248.209"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828500/; classtype:trojan-activity;sid:83691600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828497)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.184.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828497/; classtype:trojan-activity;sid:83691597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828498)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.53.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828498/; classtype:trojan-activity;sid:83691598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828496)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.159.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828496/; classtype:trojan-activity;sid:83691596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828495)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.11.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828495/; classtype:trojan-activity;sid:83691595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828493)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.191.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828493/; classtype:trojan-activity;sid:83691593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828494)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.133.90.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828494/; classtype:trojan-activity;sid:83691594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828492)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.3.136"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828492/; classtype:trojan-activity;sid:83691592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828491)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.83.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828491/; classtype:trojan-activity;sid:83691591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828490)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.89.244"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828490/; classtype:trojan-activity;sid:83691590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828489)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.207.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828489/; classtype:trojan-activity;sid:83691589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828488)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.69.184"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828488/; classtype:trojan-activity;sid:83691588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828487)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.254.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828487/; classtype:trojan-activity;sid:83691587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828486)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.254.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828486/; classtype:trojan-activity;sid:83691586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828485)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.185.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828485/; classtype:trojan-activity;sid:83691585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828484)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.199.230.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828484/; classtype:trojan-activity;sid:83691584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828483)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.27.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828483/; classtype:trojan-activity;sid:83691583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828482)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.11.157"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828482/; classtype:trojan-activity;sid:83691582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828481)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.239.61.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828481/; classtype:trojan-activity;sid:83691581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828480)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.197.191"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828480/; classtype:trojan-activity;sid:83691580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828479)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.236.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828479/; classtype:trojan-activity;sid:83691579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828478)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.204.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828478/; classtype:trojan-activity;sid:83691578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828477)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.133.90.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828477/; classtype:trojan-activity;sid:83691577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828476)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.254.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828476/; classtype:trojan-activity;sid:83691576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828475)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.158.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828475/; classtype:trojan-activity;sid:83691575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828474)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.173.112.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828474/; classtype:trojan-activity;sid:83691574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828473)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.254.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828473/; classtype:trojan-activity;sid:83691573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828470)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.63.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828470/; classtype:trojan-activity;sid:83691570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828471)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.61.119"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828471/; classtype:trojan-activity;sid:83691571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828472)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.59.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828472/; classtype:trojan-activity;sid:83691572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828468)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.118.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828468/; classtype:trojan-activity;sid:83691568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828469)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.2.104.128"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828469/; classtype:trojan-activity;sid:83691569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828467)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.94.97"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828467/; classtype:trojan-activity;sid:83691567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828466)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.8.208.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828466/; classtype:trojan-activity;sid:83691566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828465)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.237.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828465/; classtype:trojan-activity;sid:83691565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828464)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.201.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828464/; classtype:trojan-activity;sid:83691564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828463)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.185.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828463/; classtype:trojan-activity;sid:83691563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828462)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.252.192.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828462/; classtype:trojan-activity;sid:83691562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828460)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.85.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828460/; classtype:trojan-activity;sid:83691560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828461)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.1.160"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828461/; classtype:trojan-activity;sid:83691561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828459)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.7.221.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828459/; classtype:trojan-activity;sid:83691559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828458)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.64.153"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828458/; classtype:trojan-activity;sid:83691558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828457)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.158.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828457/; classtype:trojan-activity;sid:83691557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828456)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.193.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828456/; classtype:trojan-activity;sid:83691556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828455)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.132.166.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828455/; classtype:trojan-activity;sid:83691555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828454)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.71.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828454/; classtype:trojan-activity;sid:83691554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828453)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.111.102.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828453/; classtype:trojan-activity;sid:83691553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828452)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.208.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828452/; classtype:trojan-activity;sid:83691552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828451)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.255.200.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828451/; classtype:trojan-activity;sid:83691551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828450)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.167.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828450/; classtype:trojan-activity;sid:83691550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828449)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.250.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828449/; classtype:trojan-activity;sid:83691549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828448)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.0.148.55"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828448/; classtype:trojan-activity;sid:83691548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828447)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.192.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828447/; classtype:trojan-activity;sid:83691547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828446)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.203.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828446/; classtype:trojan-activity;sid:83691546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828445)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.81.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828445/; classtype:trojan-activity;sid:83691545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828444)"; flow:established,from_client; content:"GET"; http_method; content:"/editcontent"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"siqz.anesthetics.biomedzglobal.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828444/; classtype:trojan-activity;sid:83691544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828443)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.2.62"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828443/; classtype:trojan-activity;sid:83691543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828442)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.8.210.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828442/; classtype:trojan-activity;sid:83691542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828441)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.11.218"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828441/; classtype:trojan-activity;sid:83691541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828440)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.38.194.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828440/; classtype:trojan-activity;sid:83691540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828439)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.81.246"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828439/; classtype:trojan-activity;sid:83691539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828438)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.173.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828438/; classtype:trojan-activity;sid:83691538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828437)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.116.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828437/; classtype:trojan-activity;sid:83691537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828436)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.0.148.55"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828436/; classtype:trojan-activity;sid:83691536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828435)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"66.23.158.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828435/; classtype:trojan-activity;sid:83691535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828434)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.199.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828434/; classtype:trojan-activity;sid:83691534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828433)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.18.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828433/; classtype:trojan-activity;sid:83691533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828432)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.61.93.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828432/; classtype:trojan-activity;sid:83691532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828431)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.16.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828431/; classtype:trojan-activity;sid:83691531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828430)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.6.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828430/; classtype:trojan-activity;sid:83691530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828429)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.181.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828429/; classtype:trojan-activity;sid:83691529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828428)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.142.55.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828428/; classtype:trojan-activity;sid:83691528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828427)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.194.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828427/; classtype:trojan-activity;sid:83691527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828426)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.193.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828426/; classtype:trojan-activity;sid:83691526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828425)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.59.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828425/; classtype:trojan-activity;sid:83691525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828424)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.116.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828424/; classtype:trojan-activity;sid:83691524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828423)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.18.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828423/; classtype:trojan-activity;sid:83691523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828422)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.70.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828422/; classtype:trojan-activity;sid:83691522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828421)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.219.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828421/; classtype:trojan-activity;sid:83691521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828420)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.60.7.179"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828420/; classtype:trojan-activity;sid:83691520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828419)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"200.111.102.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828419/; classtype:trojan-activity;sid:83691519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828418)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.156.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828418/; classtype:trojan-activity;sid:83691518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828417)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.186.60.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828417/; classtype:trojan-activity;sid:83691517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828416)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.30.38"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828416/; classtype:trojan-activity;sid:83691516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828415)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.56.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828415/; classtype:trojan-activity;sid:83691515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828413)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.193.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828413/; classtype:trojan-activity;sid:83691513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828414)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.171.253.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828414/; classtype:trojan-activity;sid:83691514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828412)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.76.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828412/; classtype:trojan-activity;sid:83691512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828411)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.11.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828411/; classtype:trojan-activity;sid:83691511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828408)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.3.99"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828408/; classtype:trojan-activity;sid:83691508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828409)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.154.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828409/; classtype:trojan-activity;sid:83691509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828410)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.30.80.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_27; reference:url, urlhaus.abuse.ch/url/2828410/; classtype:trojan-activity;sid:83691510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828407)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.16.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828407/; classtype:trojan-activity;sid:83691507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828406)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.9.117"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828406/; classtype:trojan-activity;sid:83691506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828405)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.6.10"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828405/; classtype:trojan-activity;sid:83691505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828404)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.186.60.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828404/; classtype:trojan-activity;sid:83691504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828403)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.71.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828403/; classtype:trojan-activity;sid:83691503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828402)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.104.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828402/; classtype:trojan-activity;sid:83691502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828401)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.140.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828401/; classtype:trojan-activity;sid:83691501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828400)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.94.165.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828400/; classtype:trojan-activity;sid:83691500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828399)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.148.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828399/; classtype:trojan-activity;sid:83691499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828398)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.246.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828398/; classtype:trojan-activity;sid:83691498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828397)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.56.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828397/; classtype:trojan-activity;sid:83691497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828396)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.27.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828396/; classtype:trojan-activity;sid:83691496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828395)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.207.118.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828395/; classtype:trojan-activity;sid:83691495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828394)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.134.122"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828394/; classtype:trojan-activity;sid:83691494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828393)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.9.117"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828393/; classtype:trojan-activity;sid:83691493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828391)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.55.153.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828391/; classtype:trojan-activity;sid:83691491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828392)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.233.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828392/; classtype:trojan-activity;sid:83691492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828390)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.30.38"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828390/; classtype:trojan-activity;sid:83691490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828389)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.82.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828389/; classtype:trojan-activity;sid:83691489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828388)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.246.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828388/; classtype:trojan-activity;sid:83691488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828387)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.60.130.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828387/; classtype:trojan-activity;sid:83691487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828386)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.185.159.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828386/; classtype:trojan-activity;sid:83691486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828385)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.235.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828385/; classtype:trojan-activity;sid:83691485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828384)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.237.108.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828384/; classtype:trojan-activity;sid:83691484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828383)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.25.76.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828383/; classtype:trojan-activity;sid:83691483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828381)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.239.33.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828381/; classtype:trojan-activity;sid:83691481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828382)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.239.33.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828382/; classtype:trojan-activity;sid:83691482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828380)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"85.239.33.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828380/; classtype:trojan-activity;sid:83691480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828378)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.103.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828378/; classtype:trojan-activity;sid:83691478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828379)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.99.201.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828379/; classtype:trojan-activity;sid:83691479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828377)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.130.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828377/; classtype:trojan-activity;sid:83691477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828376)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.118.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828376/; classtype:trojan-activity;sid:83691476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828375)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.250.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828375/; classtype:trojan-activity;sid:83691475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828374)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.60.130.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828374/; classtype:trojan-activity;sid:83691474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828373)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.133.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828373/; classtype:trojan-activity;sid:83691473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828372)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.239.216.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828372/; classtype:trojan-activity;sid:83691472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828371)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.233.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828371/; classtype:trojan-activity;sid:83691471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828370)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.237.108.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828370/; classtype:trojan-activity;sid:83691470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828369)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.55.153.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828369/; classtype:trojan-activity;sid:83691469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828368)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.72.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828368/; classtype:trojan-activity;sid:83691468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828367)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.239.216.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828367/; classtype:trojan-activity;sid:83691467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828366)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.233.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828366/; classtype:trojan-activity;sid:83691466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828365)"; flow:established,from_client; content:"GET"; http_method; content:"/dl/download/73b124c6-6b9e-4b9b-9e44-1310165d8566/fact-naturgyid2104254spainnopago2204202422412.zip"; http_uri; depth:99; isdataat:!1,relative; nocase; content:"cld.pt"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828365/; classtype:trojan-activity;sid:83691465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828364)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.133.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828364/; classtype:trojan-activity;sid:83691464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828363)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.170.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828363/; classtype:trojan-activity;sid:83691463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828362)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.130.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828362/; classtype:trojan-activity;sid:83691462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828361)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.83.184.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828361/; classtype:trojan-activity;sid:83691461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828360)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.11.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828360/; classtype:trojan-activity;sid:83691460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828359)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.189.214.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828359/; classtype:trojan-activity;sid:83691459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828358)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.162.73.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828358/; classtype:trojan-activity;sid:83691458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828357)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.99.201.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828357/; classtype:trojan-activity;sid:83691457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828356)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.121.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828356/; classtype:trojan-activity;sid:83691456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828355)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.216.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828355/; classtype:trojan-activity;sid:83691455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828354)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.72.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828354/; classtype:trojan-activity;sid:83691454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828353)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.6.147"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828353/; classtype:trojan-activity;sid:83691453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828352)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.92.254.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828352/; classtype:trojan-activity;sid:83691452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828350)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.92.254.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828350/; classtype:trojan-activity;sid:83691450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828351)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"91.92.254.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828351/; classtype:trojan-activity;sid:83691451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828349)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.1.152"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828349/; classtype:trojan-activity;sid:83691449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828348)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.75.220.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828348/; classtype:trojan-activity;sid:83691448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828347)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.162.73.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828347/; classtype:trojan-activity;sid:83691447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828346)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.199.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828346/; classtype:trojan-activity;sid:83691446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828344)"; flow:established,from_client; content:"GET"; http_method; content:"/hydro.arm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"45.131.111.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828344/; classtype:trojan-activity;sid:83691444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828345)"; flow:established,from_client; content:"GET"; http_method; content:"/hydro.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.131.111.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828345/; classtype:trojan-activity;sid:83691445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828343)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.11.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828343/; classtype:trojan-activity;sid:83691443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828342)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.216.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828342/; classtype:trojan-activity;sid:83691442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828340)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.56.15.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828340/; classtype:trojan-activity;sid:83691440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828341)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.128.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828341/; classtype:trojan-activity;sid:83691441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828339)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.73.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828339/; classtype:trojan-activity;sid:83691439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828338)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.246.125.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828338/; classtype:trojan-activity;sid:83691438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828336)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.1.224.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828336/; classtype:trojan-activity;sid:83691436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828337)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.121.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828337/; classtype:trojan-activity;sid:83691437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828335)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.75.220.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828335/; classtype:trojan-activity;sid:83691435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828334)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.1.152"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828334/; classtype:trojan-activity;sid:83691434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828333)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.0.148"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828333/; classtype:trojan-activity;sid:83691433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828332)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.6.147"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828332/; classtype:trojan-activity;sid:83691432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828330)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.178.146.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828330/; classtype:trojan-activity;sid:83691430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828331)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.182.64"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828331/; classtype:trojan-activity;sid:83691431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828329)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-files/shared/"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"bigwing.algoitsolutions.co.uk"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828329/; classtype:trojan-activity;sid:83691429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828328)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.99.145.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828328/; classtype:trojan-activity;sid:83691428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828327)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.0.148"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828327/; classtype:trojan-activity;sid:83691427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828324)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-files/shared/"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"rjjewelpk.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828324/; classtype:trojan-activity;sid:83691424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828325)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/user-private-files/shared/"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"antvietnam.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828325/; classtype:trojan-activity;sid:83691425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828326)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-files/shared/"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"metrobasket.in"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828326/; classtype:trojan-activity;sid:83691426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828318)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-files/shared/"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"2mo.com"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828318/; classtype:trojan-activity;sid:83691418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828319)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/user-private-files/shared/"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"stgmountainair.wpengine.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828319/; classtype:trojan-activity;sid:83691419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828320)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-files/shared/"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"eco-villas.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828320/; classtype:trojan-activity;sid:83691420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828321)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.172.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828321/; classtype:trojan-activity;sid:83691421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828322)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-files/shared/"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"www.pujamosporti.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828322/; classtype:trojan-activity;sid:83691422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828323)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/share-private-files/shared/"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"saveutilitybills.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828323/; classtype:trojan-activity;sid:83691423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828315)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/user-private-files/shared/"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"newsmedia247.site"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828315/; classtype:trojan-activity;sid:83691415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828316)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/user-private-files/shared/"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"bissecci.org"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828316/; classtype:trojan-activity;sid:83691416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828317)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/user-private-files/shared/"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"phs124168.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828317/; classtype:trojan-activity;sid:83691417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828314)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.47.82.177"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828314/; classtype:trojan-activity;sid:83691414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828313)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.195.52"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828313/; classtype:trojan-activity;sid:83691413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828312)"; flow:established,from_client; content:"GET"; http_method; content:"/security_check/"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"arrivingback.org"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828312/; classtype:trojan-activity;sid:83691412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828311)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/case-419310.appspot.com/o/9m3mvfpdi3%2fdocument_c13_80d969115-51q17428f2747-7346p3.js|3f|alt=media|7c|26|7c|token=19f6f5c2-0710-4f94-9d8a-32cfd54ae657"; http_uri; depth:156; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828311/; classtype:trojan-activity;sid:83691411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828310)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.117.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828310/; classtype:trojan-activity;sid:83691410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828309)"; flow:established,from_client; content:"GET"; http_method; content:"/neo.msi"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"146.19.106.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828309/; classtype:trojan-activity;sid:83691409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828308)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.137.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828308/; classtype:trojan-activity;sid:83691408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828307)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.12.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828307/; classtype:trojan-activity;sid:83691407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828306)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.94.231"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828306/; classtype:trojan-activity;sid:83691406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828305)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.177.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828305/; classtype:trojan-activity;sid:83691405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828304)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.145.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828304/; classtype:trojan-activity;sid:83691404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828303)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.53.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828303/; classtype:trojan-activity;sid:83691403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828302)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.185.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828302/; classtype:trojan-activity;sid:83691402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828301)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.56.170.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828301/; classtype:trojan-activity;sid:83691401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828300)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.88.251.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828300/; classtype:trojan-activity;sid:83691400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828299)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.93.246"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828299/; classtype:trojan-activity;sid:83691399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828292)"; flow:established,from_client; content:"GET"; http_method; content:"/qqyt33.ppc"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"188882.000webhostapp.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828292/; classtype:trojan-activity;sid:83691392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828293)"; flow:established,from_client; content:"GET"; http_method; content:"/qqyt33.sh4"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"188882.000webhostapp.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828293/; classtype:trojan-activity;sid:83691393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828294)"; flow:established,from_client; content:"GET"; http_method; content:"/qqyt33.mips"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"188882.000webhostapp.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828294/; classtype:trojan-activity;sid:83691394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828295)"; flow:established,from_client; content:"GET"; http_method; content:"/qqyt33.arm4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"188882.000webhostapp.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828295/; classtype:trojan-activity;sid:83691395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828296)"; flow:established,from_client; content:"GET"; http_method; content:"/qqyt33.mpsl"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"188882.000webhostapp.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828296/; classtype:trojan-activity;sid:83691396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828297)"; flow:established,from_client; content:"GET"; http_method; content:"/qqyt33.arm6"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"188882.000webhostapp.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828297/; classtype:trojan-activity;sid:83691397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828298)"; flow:established,from_client; content:"GET"; http_method; content:"/qqyt33.x32"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"188882.000webhostapp.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828298/; classtype:trojan-activity;sid:83691398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828291)"; flow:established,from_client; content:"GET"; http_method; content:"/qqyt33.i586"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"188882.000webhostapp.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828291/; classtype:trojan-activity;sid:83691391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828290)"; flow:established,from_client; content:"GET"; http_method; content:"/qqyt33.x86"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"188882.000webhostapp.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828290/; classtype:trojan-activity;sid:83691390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828289)"; flow:established,from_client; content:"GET"; http_method; content:"/qqyt33.m68k"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"188882.000webhostapp.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828289/; classtype:trojan-activity;sid:83691389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828288)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.163.228.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828288/; classtype:trojan-activity;sid:83691388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828287)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.53.241.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828287/; classtype:trojan-activity;sid:83691387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828286)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.172.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828286/; classtype:trojan-activity;sid:83691386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828285)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.53.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828285/; classtype:trojan-activity;sid:83691385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828284)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.128.31.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828284/; classtype:trojan-activity;sid:83691384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828283)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.115.172.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828283/; classtype:trojan-activity;sid:83691383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828282)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.188.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828282/; classtype:trojan-activity;sid:83691382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828281)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.200.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828281/; classtype:trojan-activity;sid:83691381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828280)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.187.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828280/; classtype:trojan-activity;sid:83691380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828279)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.117.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828279/; classtype:trojan-activity;sid:83691379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828278)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.137.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828278/; classtype:trojan-activity;sid:83691378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828277)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.101.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828277/; classtype:trojan-activity;sid:83691377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828276)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.196.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828276/; classtype:trojan-activity;sid:83691376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828275)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.74.141.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828275/; classtype:trojan-activity;sid:83691375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828274)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.56.170.63"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828274/; classtype:trojan-activity;sid:83691374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828273)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.241.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828273/; classtype:trojan-activity;sid:83691373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828272)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.88.251.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828272/; classtype:trojan-activity;sid:83691372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828271)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.35.123.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828271/; classtype:trojan-activity;sid:83691371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828269)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.1.201"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828269/; classtype:trojan-activity;sid:83691369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828270)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.166.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828270/; classtype:trojan-activity;sid:83691370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828268)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.178.37.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828268/; classtype:trojan-activity;sid:83691368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828267)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.9.200"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828267/; classtype:trojan-activity;sid:83691367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828265)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.207.228.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828265/; classtype:trojan-activity;sid:83691365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828266)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.57.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828266/; classtype:trojan-activity;sid:83691366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828264)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.56.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828264/; classtype:trojan-activity;sid:83691364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828263)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.102.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828263/; classtype:trojan-activity;sid:83691363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828262)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.120.33.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828262/; classtype:trojan-activity;sid:83691362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828261)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.20.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828261/; classtype:trojan-activity;sid:83691361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828260)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.117.239"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828260/; classtype:trojan-activity;sid:83691360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828259)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.192.123.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828259/; classtype:trojan-activity;sid:83691359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828258)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.215.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828258/; classtype:trojan-activity;sid:83691358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828257)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.203.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828257/; classtype:trojan-activity;sid:83691357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828256)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.43.27.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828256/; classtype:trojan-activity;sid:83691356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828254)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"66.23.158.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828254/; classtype:trojan-activity;sid:83691354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828255)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.26.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828255/; classtype:trojan-activity;sid:83691355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828253)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.37.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828253/; classtype:trojan-activity;sid:83691353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828252)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.154.185.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828252/; classtype:trojan-activity;sid:83691352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828251)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.85.126.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828251/; classtype:trojan-activity;sid:83691351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828250)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.9.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828250/; classtype:trojan-activity;sid:83691350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828248)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.74.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828248/; classtype:trojan-activity;sid:83691348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828249)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.87.61.210"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828249/; classtype:trojan-activity;sid:83691349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828247)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.203.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828247/; classtype:trojan-activity;sid:83691347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828246)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.71.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828246/; classtype:trojan-activity;sid:83691346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828245)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.68.145"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828245/; classtype:trojan-activity;sid:83691345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828244)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.203.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828244/; classtype:trojan-activity;sid:83691344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828243)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.123.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828243/; classtype:trojan-activity;sid:83691343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828242)"; flow:established,from_client; content:"GET"; http_method; content:"/backdoor.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"129.154.46.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828242/; classtype:trojan-activity;sid:83691342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828241)"; flow:established,from_client; content:"GET"; http_method; content:"/8e6d9db21fb63946/msvcp140.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"109.172.112.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828241/; classtype:trojan-activity;sid:83691341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828239)"; flow:established,from_client; content:"GET"; http_method; content:"/8e6d9db21fb63946/msvcp140.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"185.172.128.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828239/; classtype:trojan-activity;sid:83691339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828240)"; flow:established,from_client; content:"GET"; http_method; content:"/8e6d9db21fb63946/mozglue.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"109.172.112.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828240/; classtype:trojan-activity;sid:83691340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828232)"; flow:established,from_client; content:"GET"; http_method; content:"/8e6d9db21fb63946/vcruntime140.dll"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"185.172.128.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828232/; classtype:trojan-activity;sid:83691332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828233)"; flow:established,from_client; content:"GET"; http_method; content:"/8e6d9db21fb63946/softokn3.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"109.172.112.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828233/; classtype:trojan-activity;sid:83691333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828234)"; flow:established,from_client; content:"GET"; http_method; content:"/8e6d9db21fb63946/mozglue.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.172.128.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828234/; classtype:trojan-activity;sid:83691334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828235)"; flow:established,from_client; content:"GET"; http_method; content:"/8e6d9db21fb63946/nss3.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.172.128.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828235/; classtype:trojan-activity;sid:83691335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828236)"; flow:established,from_client; content:"GET"; http_method; content:"/8e6d9db21fb63946/nss3.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"109.172.112.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828236/; classtype:trojan-activity;sid:83691336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828237)"; flow:established,from_client; content:"GET"; http_method; content:"/8e6d9db21fb63946/softokn3.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"185.172.128.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828237/; classtype:trojan-activity;sid:83691337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828238)"; flow:established,from_client; content:"GET"; http_method; content:"/8e6d9db21fb63946/freebl3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"109.172.112.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828238/; classtype:trojan-activity;sid:83691338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828228)"; flow:established,from_client; content:"GET"; http_method; content:"/8e6d9db21fb63946/vcruntime140.dll"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"109.172.112.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828228/; classtype:trojan-activity;sid:83691328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828229)"; flow:established,from_client; content:"GET"; http_method; content:"/8e6d9db21fb63946/sqlite3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"109.172.112.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828229/; classtype:trojan-activity;sid:83691329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828230)"; flow:established,from_client; content:"GET"; http_method; content:"/8e6d9db21fb63946/sqlite3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.172.128.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828230/; classtype:trojan-activity;sid:83691330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828231)"; flow:established,from_client; content:"GET"; http_method; content:"/8e6d9db21fb63946/freebl3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.172.128.111"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828231/; classtype:trojan-activity;sid:83691331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828227)"; flow:established,from_client; content:"GET"; http_method; content:"/yftql16.bin"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"94.156.8.104"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828227/; classtype:trojan-activity;sid:83691327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828226)"; flow:established,from_client; content:"GET"; http_method; content:"/file%20explorer.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"129.154.46.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828226/; classtype:trojan-activity;sid:83691326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828224)"; flow:established,from_client; content:"GET"; http_method; content:"/sutup-chrome.13.26.x64.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"appx0426.oss-ap-southeast-1.aliyuncs.com"; http_host; depth:40; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828224/; classtype:trojan-activity;sid:83691324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828223)"; flow:established,from_client; content:"GET"; http_method; content:"/temp/enginechromium.msi"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"www.arovision.com.co"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828223/; classtype:trojan-activity;sid:83691323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828222)"; flow:established,from_client; content:"GET"; http_method; content:"/payload.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"129.154.46.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828222/; classtype:trojan-activity;sid:83691322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828221)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.68.145"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828221/; classtype:trojan-activity;sid:83691321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828219)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"adsl-37.37.6.37.tellas.gr"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828219/; classtype:trojan-activity;sid:83691319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828220)"; flow:established,from_client; content:"GET"; http_method; content:"/dezx/oblqlsgpaa72.bin"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"pronethellas.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828220/; classtype:trojan-activity;sid:83691320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828218)"; flow:established,from_client; content:"GET"; http_method; content:"/qqyt33.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"188882.000webhostapp.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828218/; classtype:trojan-activity;sid:83691318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828217)"; flow:established,from_client; content:"GET"; http_method; content:"/download|3f|id=1sisufljtsst_w48ix2vwvcg8ow1r24hb|7c|26|7c|export=download"; http_uri; depth:74; isdataat:!1,relative; nocase; content:"drive.usercontent.google.com"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828217/; classtype:trojan-activity;sid:83691317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828216)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.240.47.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828216/; classtype:trojan-activity;sid:83691316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828214)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.194.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828214/; classtype:trojan-activity;sid:83691314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828213)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.83.184.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828213/; classtype:trojan-activity;sid:83691313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828212)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"66.23.158.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828212/; classtype:trojan-activity;sid:83691312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828211)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.87.143.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828211/; classtype:trojan-activity;sid:83691311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828209)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.26.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828209/; classtype:trojan-activity;sid:83691309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828210)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.248.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828210/; classtype:trojan-activity;sid:83691310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828208)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.154.185.135"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828208/; classtype:trojan-activity;sid:83691308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828207)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.71.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828207/; classtype:trojan-activity;sid:83691307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828206)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.153.217.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828206/; classtype:trojan-activity;sid:83691306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828205)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.192.116.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828205/; classtype:trojan-activity;sid:83691305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828204)"; flow:established,from_client; content:"GET"; http_method; content:"/doc5294803_669018195|3f|hash=qmdsbgwp6orfk1jwgv4gczwx9ajjxlein73a7gkdtfk|7c|26|7c|dl=feiri9iynwpqjp4zwxpigsd21odmerg0nza1f3wta30|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828204/; classtype:trojan-activity;sid:83691304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828203)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.45.132.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828203/; classtype:trojan-activity;sid:83691303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828202)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.214.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828202/; classtype:trojan-activity;sid:83691302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828201)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.140.44.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828201/; classtype:trojan-activity;sid:83691301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828200)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.150.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828200/; classtype:trojan-activity;sid:83691300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828198)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.92.253.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828198/; classtype:trojan-activity;sid:83691298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828199)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.132.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828199/; classtype:trojan-activity;sid:83691299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828197)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.203.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828197/; classtype:trojan-activity;sid:83691297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828196)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.142.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828196/; classtype:trojan-activity;sid:83691296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828195)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.238.202.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828195/; classtype:trojan-activity;sid:83691295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828194)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.7.206.169"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828194/; classtype:trojan-activity;sid:83691294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828193)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.53.242"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828193/; classtype:trojan-activity;sid:83691293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828192)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.83.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828192/; classtype:trojan-activity;sid:83691292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828191)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.92.160"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828191/; classtype:trojan-activity;sid:83691291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828190)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.15.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828190/; classtype:trojan-activity;sid:83691290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828189)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"101.108.240.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828189/; classtype:trojan-activity;sid:83691289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828188)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.222.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828188/; classtype:trojan-activity;sid:83691288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828187)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.40.3.38"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828187/; classtype:trojan-activity;sid:83691287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828186)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.18.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828186/; classtype:trojan-activity;sid:83691286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828185)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.203.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828185/; classtype:trojan-activity;sid:83691285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828184)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.193.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828184/; classtype:trojan-activity;sid:83691284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828183)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.168.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828183/; classtype:trojan-activity;sid:83691283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828182)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.74.16.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828182/; classtype:trojan-activity;sid:83691282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828181)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.87.160"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828181/; classtype:trojan-activity;sid:83691281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828180)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.206.72"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828180/; classtype:trojan-activity;sid:83691280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828179)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.3.38"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828179/; classtype:trojan-activity;sid:83691279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828178)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.82.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828178/; classtype:trojan-activity;sid:83691278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828176)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.154.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828176/; classtype:trojan-activity;sid:83691276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828177)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.222.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828177/; classtype:trojan-activity;sid:83691277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828175)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.7.206.169"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828175/; classtype:trojan-activity;sid:83691275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828174)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.108.240.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828174/; classtype:trojan-activity;sid:83691274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828173)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.205.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828173/; classtype:trojan-activity;sid:83691273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828172)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.116.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828172/; classtype:trojan-activity;sid:83691272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828171)"; flow:established,from_client; content:"GET"; http_method; content:"/doc5294803_668993776|3f|hash=9tmhexqqbnpzh6xmaquar1tdozqd8yjjf9liirb4xnz|7c|26|7c|dl=nw3qv9qgl5izfhzfhr6ibvrpzvbspgyzgisudxywe0o|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828171/; classtype:trojan-activity;sid:83691271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828170)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.154.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828170/; classtype:trojan-activity;sid:83691270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828169)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.35.51.79"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828169/; classtype:trojan-activity;sid:83691269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828168)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.35.51.79"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828168/; classtype:trojan-activity;sid:83691268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828167)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.5.5.97"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828167/; classtype:trojan-activity;sid:83691267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828166)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.219.84.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828166/; classtype:trojan-activity;sid:83691266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828165)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.180.177.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828165/; classtype:trojan-activity;sid:83691265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828163)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.243.22.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828163/; classtype:trojan-activity;sid:83691263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828164)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.122.134.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828164/; classtype:trojan-activity;sid:83691264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828162)"; flow:established,from_client; content:"GET"; http_method; content:"/paste-code/bukc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"wtools.io"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828162/; classtype:trojan-activity;sid:83691262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828161)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.183.168.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828161/; classtype:trojan-activity;sid:83691261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828160)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.188.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828160/; classtype:trojan-activity;sid:83691260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828159)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.146.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828159/; classtype:trojan-activity;sid:83691259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828158)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.35.51.79"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828158/; classtype:trojan-activity;sid:83691258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828157)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.178.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828157/; classtype:trojan-activity;sid:83691257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828156)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.180.173.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828156/; classtype:trojan-activity;sid:83691256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828154)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828154/; classtype:trojan-activity;sid:83691254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828155)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.172.128.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828155/; classtype:trojan-activity;sid:83691255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828153)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.62.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828153/; classtype:trojan-activity;sid:83691253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828152)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.178.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828152/; classtype:trojan-activity;sid:83691252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828151)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.71.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828151/; classtype:trojan-activity;sid:83691251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828150)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.8.141"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828150/; classtype:trojan-activity;sid:83691250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828149)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.143.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828149/; classtype:trojan-activity;sid:83691249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828148)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"175.31.189.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828148/; classtype:trojan-activity;sid:83691248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828147)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.183.168.24"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828147/; classtype:trojan-activity;sid:83691247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828146)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.188.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828146/; classtype:trojan-activity;sid:83691246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828145)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.131.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828145/; classtype:trojan-activity;sid:83691245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828144)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.127.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828144/; classtype:trojan-activity;sid:83691244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828143)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.62.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828143/; classtype:trojan-activity;sid:83691243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828142)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.54.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828142/; classtype:trojan-activity;sid:83691242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828141)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.166.82.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828141/; classtype:trojan-activity;sid:83691241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828140)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.97.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828140/; classtype:trojan-activity;sid:83691240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828139)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"158.255.82.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828139/; classtype:trojan-activity;sid:83691239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828138)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.207.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828138/; classtype:trojan-activity;sid:83691238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828137)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.178.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828137/; classtype:trojan-activity;sid:83691237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828136)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.141.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828136/; classtype:trojan-activity;sid:83691236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828135)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.191.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828135/; classtype:trojan-activity;sid:83691235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828134)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.248.174.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828134/; classtype:trojan-activity;sid:83691234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828133)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.189.198.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828133/; classtype:trojan-activity;sid:83691233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828132)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.228.74.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828132/; classtype:trojan-activity;sid:83691232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828131)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.39.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828131/; classtype:trojan-activity;sid:83691231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828129)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.54.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828129/; classtype:trojan-activity;sid:83691229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828130)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.230.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828130/; classtype:trojan-activity;sid:83691230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828128)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.207.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828128/; classtype:trojan-activity;sid:83691228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828126)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.54.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828126/; classtype:trojan-activity;sid:83691226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828127)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.253.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828127/; classtype:trojan-activity;sid:83691227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828125)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.141.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828125/; classtype:trojan-activity;sid:83691225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828124)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.47.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828124/; classtype:trojan-activity;sid:83691224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828123)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.127.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828123/; classtype:trojan-activity;sid:83691223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828121)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.183.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828121/; classtype:trojan-activity;sid:83691221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828122)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.158.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828122/; classtype:trojan-activity;sid:83691222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828120)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.163.228.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828120/; classtype:trojan-activity;sid:83691220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828119)"; flow:established,from_client; content:"GET"; http_method; content:"/imtoken-intl-v2.apk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"206.2.129.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828119/; classtype:trojan-activity;sid:83691219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828118)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.224.12.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828118/; classtype:trojan-activity;sid:83691218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828117)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.237.47.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828117/; classtype:trojan-activity;sid:83691217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828116)"; flow:established,from_client; content:"GET"; http_method; content:"/rebirth.x86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.88.90.17"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828116/; classtype:trojan-activity;sid:83691216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828115)"; flow:established,from_client; content:"GET"; http_method; content:"/doc5294803_668993798|3f|hash=mszz2aw2pqimpboio6noe8ruxtowggkmrkxbbcjpp9g|7c|26|7c|dl=xrdffkmsyggubsjniwuvfjlpyulgzuzrzzsacbvglnl|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828115/; classtype:trojan-activity;sid:83691215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828114)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.216.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828114/; classtype:trojan-activity;sid:83691214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828113)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.187.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828113/; classtype:trojan-activity;sid:83691213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828112)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.230.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828112/; classtype:trojan-activity;sid:83691212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828111)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.216.91.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828111/; classtype:trojan-activity;sid:83691211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828110)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.253.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828110/; classtype:trojan-activity;sid:83691210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828109)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.54.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828109/; classtype:trojan-activity;sid:83691209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828108)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.102.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828108/; classtype:trojan-activity;sid:83691208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828106)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.181.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828106/; classtype:trojan-activity;sid:83691206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828107)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"88.224.12.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828107/; classtype:trojan-activity;sid:83691207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828105)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.69.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828105/; classtype:trojan-activity;sid:83691205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828104)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.214.237.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828104/; classtype:trojan-activity;sid:83691204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828103)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.56.8.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828103/; classtype:trojan-activity;sid:83691203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828102)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.61.93.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828102/; classtype:trojan-activity;sid:83691202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828101)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.246.125.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828101/; classtype:trojan-activity;sid:83691201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828100)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.37.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828100/; classtype:trojan-activity;sid:83691200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828099)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.200.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828099/; classtype:trojan-activity;sid:83691199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828098)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.60.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828098/; classtype:trojan-activity;sid:83691198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828097)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.37.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828097/; classtype:trojan-activity;sid:83691197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828095)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.216.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828095/; classtype:trojan-activity;sid:83691195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828096)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.40.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828096/; classtype:trojan-activity;sid:83691196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828092)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.178.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828092/; classtype:trojan-activity;sid:83691192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828093)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.28.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828093/; classtype:trojan-activity;sid:83691193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828094)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.51.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828094/; classtype:trojan-activity;sid:83691194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828091)"; flow:established,from_client; content:"GET"; http_method; content:"/apk/imtoken-intl-v2.apk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"154.23.240.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828091/; classtype:trojan-activity;sid:83691191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828090)"; flow:established,from_client; content:"GET"; http_method; content:"/download/imtoken-v2.apk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"38.47.232.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828090/; classtype:trojan-activity;sid:83691190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828089)"; flow:established,from_client; content:"GET"; http_method; content:"/download/imtoken-v2.apk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"38.47.232.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828089/; classtype:trojan-activity;sid:83691189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828088)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.42.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828088/; classtype:trojan-activity;sid:83691188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828087)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.59.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828087/; classtype:trojan-activity;sid:83691187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828086)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"157.211.107.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828086/; classtype:trojan-activity;sid:83691186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828085)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.107.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828085/; classtype:trojan-activity;sid:83691185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828084)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.79.47.33"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828084/; classtype:trojan-activity;sid:83691184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828082)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.194.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828082/; classtype:trojan-activity;sid:83691182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828083)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.174.173.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828083/; classtype:trojan-activity;sid:83691183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828080)"; flow:established,from_client; content:"GET"; http_method; content:"/download/imtoken-v2.apk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"107.148.56.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828080/; classtype:trojan-activity;sid:83691180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828081)"; flow:established,from_client; content:"GET"; http_method; content:"/download/imtoken.apk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"167.179.94.97"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828081/; classtype:trojan-activity;sid:83691181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828079)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/imtoken-v2.apk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"aws-v2-cdn.token.im"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828079/; classtype:trojan-activity;sid:83691179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828078)"; flow:established,from_client; content:"GET"; http_method; content:"/download/imtoken-v2.apk"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"38.47.232.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828078/; classtype:trojan-activity;sid:83691178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828077)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.170.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828077/; classtype:trojan-activity;sid:83691177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828069)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.182.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828069/; classtype:trojan-activity;sid:83691169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828068)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.51.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828068/; classtype:trojan-activity;sid:83691168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828067)"; flow:established,from_client; content:"GET"; http_method; content:"/assailant.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"srothanhlong.vn"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828067/; classtype:trojan-activity;sid:83691167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828066)"; flow:established,from_client; content:"GET"; http_method; content:"/assailant.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"srothanhlong.vn"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828066/; classtype:trojan-activity;sid:83691166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828065)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.28.150"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828065/; classtype:trojan-activity;sid:83691165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828064)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.178.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828064/; classtype:trojan-activity;sid:83691164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828063)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.105.182.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828063/; classtype:trojan-activity;sid:83691163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828058)"; flow:established,from_client; content:"GET"; http_method; content:"/skidtest"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828058/; classtype:trojan-activity;sid:83691158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828059)"; flow:established,from_client; content:"GET"; http_method; content:"/nklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828059/; classtype:trojan-activity;sid:83691159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828060)"; flow:established,from_client; content:"GET"; http_method; content:"/zermips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828060/; classtype:trojan-activity;sid:83691160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828061)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828061/; classtype:trojan-activity;sid:83691161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828062)"; flow:established,from_client; content:"GET"; http_method; content:"/nklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828062/; classtype:trojan-activity;sid:83691162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828057)"; flow:established,from_client; content:"GET"; http_method; content:"/splspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828057/; classtype:trojan-activity;sid:83691157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828056)"; flow:established,from_client; content:"GET"; http_method; content:"/zermpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828056/; classtype:trojan-activity;sid:83691156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828055)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828055/; classtype:trojan-activity;sid:83691155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828054)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828054/; classtype:trojan-activity;sid:83691154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828053)"; flow:established,from_client; content:"GET"; http_method; content:"/splmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828053/; classtype:trojan-activity;sid:83691153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828052)"; flow:established,from_client; content:"GET"; http_method; content:"/perppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828052/; classtype:trojan-activity;sid:83691152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828051)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828051/; classtype:trojan-activity;sid:83691151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828048)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828048/; classtype:trojan-activity;sid:83691148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828049)"; flow:established,from_client; content:"GET"; http_method; content:"/nklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828049/; classtype:trojan-activity;sid:83691149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828050)"; flow:established,from_client; content:"GET"; http_method; content:"/splmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828050/; classtype:trojan-activity;sid:83691150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828047)"; flow:established,from_client; content:"GET"; http_method; content:"/perspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828047/; classtype:trojan-activity;sid:83691147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828046)"; flow:established,from_client; content:"GET"; http_method; content:"/zerx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828046/; classtype:trojan-activity;sid:83691146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828045)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828045/; classtype:trojan-activity;sid:83691145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828043)"; flow:established,from_client; content:"GET"; http_method; content:"/zerm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828043/; classtype:trojan-activity;sid:83691143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828044)"; flow:established,from_client; content:"GET"; http_method; content:"/nabsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828044/; classtype:trojan-activity;sid:83691144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828040)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828040/; classtype:trojan-activity;sid:83691140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828041)"; flow:established,from_client; content:"GET"; http_method; content:"/splppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828041/; classtype:trojan-activity;sid:83691141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828042)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828042/; classtype:trojan-activity;sid:83691142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828037)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"159.100.17.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828037/; classtype:trojan-activity;sid:83691137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828038)"; flow:established,from_client; content:"GET"; http_method; content:"/sauce.mipsel"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"94.156.79.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828038/; classtype:trojan-activity;sid:83691138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828039)"; flow:established,from_client; content:"GET"; http_method; content:"/sauce.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.156.79.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828039/; classtype:trojan-activity;sid:83691139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828015)"; flow:established,from_client; content:"GET"; http_method; content:"/splsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828015/; classtype:trojan-activity;sid:83691115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828016)"; flow:established,from_client; content:"GET"; http_method; content:"/tm68k"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828016/; classtype:trojan-activity;sid:83691116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828017)"; flow:established,from_client; content:"GET"; http_method; content:"/perm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828017/; classtype:trojan-activity;sid:83691117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828018)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828018/; classtype:trojan-activity;sid:83691118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828019)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828019/; classtype:trojan-activity;sid:83691119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828020)"; flow:established,from_client; content:"GET"; http_method; content:"/permips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828020/; classtype:trojan-activity;sid:83691120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828021)"; flow:established,from_client; content:"GET"; http_method; content:"/splx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828021/; classtype:trojan-activity;sid:83691121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828022)"; flow:established,from_client; content:"GET"; http_method; content:"/permpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828022/; classtype:trojan-activity;sid:83691122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828023)"; flow:established,from_client; content:"GET"; http_method; content:"/zerspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828023/; classtype:trojan-activity;sid:83691123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828024)"; flow:established,from_client; content:"GET"; http_method; content:"/nklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828024/; classtype:trojan-activity;sid:83691124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828025)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828025/; classtype:trojan-activity;sid:83691125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828026)"; flow:established,from_client; content:"GET"; http_method; content:"/nklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828026/; classtype:trojan-activity;sid:83691126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828027)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828027/; classtype:trojan-activity;sid:83691127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828028)"; flow:established,from_client; content:"GET"; http_method; content:"/nklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828028/; classtype:trojan-activity;sid:83691128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828029)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828029/; classtype:trojan-activity;sid:83691129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828030)"; flow:established,from_client; content:"GET"; http_method; content:"/zerarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828030/; classtype:trojan-activity;sid:83691130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828031)"; flow:established,from_client; content:"GET"; http_method; content:"/mipst"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828031/; classtype:trojan-activity;sid:83691131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828032)"; flow:established,from_client; content:"GET"; http_method; content:"/nklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828032/; classtype:trojan-activity;sid:83691132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828033)"; flow:established,from_client; content:"GET"; http_method; content:"/splm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828033/; classtype:trojan-activity;sid:83691133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828034)"; flow:established,from_client; content:"GET"; http_method; content:"/splarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828034/; classtype:trojan-activity;sid:83691134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828035)"; flow:established,from_client; content:"GET"; http_method; content:"/zerppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828035/; classtype:trojan-activity;sid:83691135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828036)"; flow:established,from_client; content:"GET"; http_method; content:"/zersh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828036/; classtype:trojan-activity;sid:83691136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828014)"; flow:established,from_client; content:"GET"; http_method; content:"/sauce.i686"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.156.79.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828014/; classtype:trojan-activity;sid:83691114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828013)"; flow:established,from_client; content:"GET"; http_method; content:"/sauce.sh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.79.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828013/; classtype:trojan-activity;sid:83691113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828012)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"180.178.32.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828012/; classtype:trojan-activity;sid:83691112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828011)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.79.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828011/; classtype:trojan-activity;sid:83691111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828010)"; flow:established,from_client; content:"GET"; http_method; content:"/assailant.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.163.214.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828010/; classtype:trojan-activity;sid:83691110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828009)"; flow:established,from_client; content:"GET"; http_method; content:"/assailant.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"103.163.214.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828009/; classtype:trojan-activity;sid:83691109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828008)"; flow:established,from_client; content:"GET"; http_method; content:"/sauce.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.79.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828008/; classtype:trojan-activity;sid:83691108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828005)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"93.123.85.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828005/; classtype:trojan-activity;sid:83691105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828006)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"93.123.85.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828006/; classtype:trojan-activity;sid:83691106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828007)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"93.123.85.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828007/; classtype:trojan-activity;sid:83691107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828003)"; flow:established,from_client; content:"GET"; http_method; content:"/sauce.armv6l"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"94.156.79.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828003/; classtype:trojan-activity;sid:83691103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828004)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"159.100.17.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828004/; classtype:trojan-activity;sid:83691104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827999)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.123.85.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827999/; classtype:trojan-activity;sid:83691099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828000)"; flow:established,from_client; content:"GET"; http_method; content:"/main"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"23.224.227.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828000/; classtype:trojan-activity;sid:83691100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828001)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"159.100.17.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828001/; classtype:trojan-activity;sid:83691101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2828002)"; flow:established,from_client; content:"GET"; http_method; content:"/sauce.armv5"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"94.156.79.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2828002/; classtype:trojan-activity;sid:83691102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827997)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"93.123.85.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827997/; classtype:trojan-activity;sid:83691097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827998)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"159.100.17.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827998/; classtype:trojan-activity;sid:83691098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827992)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"159.100.17.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827992/; classtype:trojan-activity;sid:83691092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827993)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"159.100.17.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827993/; classtype:trojan-activity;sid:83691093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827994)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"159.100.17.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827994/; classtype:trojan-activity;sid:83691094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827995)"; flow:established,from_client; content:"GET"; http_method; content:"/sauce.sparc"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"94.156.79.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827995/; classtype:trojan-activity;sid:83691095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827996)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.123.85.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827996/; classtype:trojan-activity;sid:83691096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827988)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/x86_32"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"94.156.79.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827988/; classtype:trojan-activity;sid:83691088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827989)"; flow:established,from_client; content:"GET"; http_method; content:"/sauce.ppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.79.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827989/; classtype:trojan-activity;sid:83691089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827990)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.156.79.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827990/; classtype:trojan-activity;sid:83691090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827991)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.79.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827991/; classtype:trojan-activity;sid:83691091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827985)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.79.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827985/; classtype:trojan-activity;sid:83691085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827986)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.123.85.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827986/; classtype:trojan-activity;sid:83691086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827987)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.123.85.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827987/; classtype:trojan-activity;sid:83691087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827981)"; flow:established,from_client; content:"GET"; http_method; content:"/sauce.i586"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.156.79.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827981/; classtype:trojan-activity;sid:83691081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827982)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"94.156.79.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827982/; classtype:trojan-activity;sid:83691082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827983)"; flow:established,from_client; content:"GET"; http_method; content:"/sauce.armv4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"94.156.79.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827983/; classtype:trojan-activity;sid:83691083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827984)"; flow:established,from_client; content:"GET"; http_method; content:"/sauce.m68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.156.79.48"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827984/; classtype:trojan-activity;sid:83691084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827979)"; flow:established,from_client; content:"GET"; http_method; content:"/f"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"216.146.26.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827979/; classtype:trojan-activity;sid:83691079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827980)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/mipsel"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"94.156.79.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827980/; classtype:trojan-activity;sid:83691080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827976)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"93.123.85.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827976/; classtype:trojan-activity;sid:83691076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827977)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.123.85.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827977/; classtype:trojan-activity;sid:83691077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827978)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"93.123.85.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827978/; classtype:trojan-activity;sid:83691078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827975)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.59.186.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827975/; classtype:trojan-activity;sid:83691075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827974)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.170.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827974/; classtype:trojan-activity;sid:83691074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827973)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.200.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827973/; classtype:trojan-activity;sid:83691073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827972)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.211.137.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827972/; classtype:trojan-activity;sid:83691072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827971)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.145.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827971/; classtype:trojan-activity;sid:83691071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827970)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.137.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827970/; classtype:trojan-activity;sid:83691070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827969)"; flow:established,from_client; content:"GET"; http_method; content:"/v2.apk"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.213.43.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827969/; classtype:trojan-activity;sid:83691069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827968)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.182.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827968/; classtype:trojan-activity;sid:83691068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827967)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.54.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827967/; classtype:trojan-activity;sid:83691067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827966)"; flow:established,from_client; content:"GET"; http_method; content:"/feixiaohao_latest.apk"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"20.214.163.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827966/; classtype:trojan-activity;sid:83691066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827965)"; flow:established,from_client; content:"GET"; http_method; content:"/tokenpocket-pro.apk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"142.171.227.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827965/; classtype:trojan-activity;sid:83691065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827964)"; flow:established,from_client; content:"GET"; http_method; content:"/tokenpocket-pro.apk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"74.48.140.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827964/; classtype:trojan-activity;sid:83691064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827963)"; flow:established,from_client; content:"GET"; http_method; content:"/beewallet_1.0.4.apk"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"142.171.227.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827963/; classtype:trojan-activity;sid:83691063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827962)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.15.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827962/; classtype:trojan-activity;sid:83691062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827961)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.42.13.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827961/; classtype:trojan-activity;sid:83691061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827960)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/tokenpocket-pro.apk"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"tokenpocket.la"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827960/; classtype:trojan-activity;sid:83691060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827958)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.151.72.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827958/; classtype:trojan-activity;sid:83691058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827959)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.105.182.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827959/; classtype:trojan-activity;sid:83691059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827957)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/bitpie.apk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"bitpie.lol"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827957/; classtype:trojan-activity;sid:83691057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827956)"; flow:established,from_client; content:"GET"; http_method; content:"/download/imtoken.apk"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"imtokeon.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827956/; classtype:trojan-activity;sid:83691056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827955)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.206.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827955/; classtype:trojan-activity;sid:83691055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827954)"; flow:established,from_client; content:"GET"; http_method; content:"/us/app/imtoken2/id1384798940"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"itunes.apple.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827954/; classtype:trojan-activity;sid:83691054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827952)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.123.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827952/; classtype:trojan-activity;sid:83691052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827953)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.206.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827953/; classtype:trojan-activity;sid:83691053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827951)"; flow:established,from_client; content:"GET"; http_method; content:"/store/apps/details|3f|id=im.token.app"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"play.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827951/; classtype:trojan-activity;sid:83691051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827950)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.94.99.188"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827950/; classtype:trojan-activity;sid:83691050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827949)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.163.128.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827949/; classtype:trojan-activity;sid:83691049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827948)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.206.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827948/; classtype:trojan-activity;sid:83691048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827947)"; flow:established,from_client; content:"GET"; http_method; content:"/load/download.php|3f|c=1000"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"dkgxxh1czdosr.cloudfront.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827947/; classtype:trojan-activity;sid:83691047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827946)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.178.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827946/; classtype:trojan-activity;sid:83691046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827945)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.128.31.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827945/; classtype:trojan-activity;sid:83691045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827944)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.222.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827944/; classtype:trojan-activity;sid:83691044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827943)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.255.74.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827943/; classtype:trojan-activity;sid:83691043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827942)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.144.229.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827942/; classtype:trojan-activity;sid:83691042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827941)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.33.80.173"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827941/; classtype:trojan-activity;sid:83691041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827940)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.192.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827940/; classtype:trojan-activity;sid:83691040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827939)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.183.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827939/; classtype:trojan-activity;sid:83691039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827938)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.204.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827938/; classtype:trojan-activity;sid:83691038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827937)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.181.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827937/; classtype:trojan-activity;sid:83691037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827936)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"218.29.29.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827936/; classtype:trojan-activity;sid:83691036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827933)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.15.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827933/; classtype:trojan-activity;sid:83691033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827934)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.145.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827934/; classtype:trojan-activity;sid:83691034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827935)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.37.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827935/; classtype:trojan-activity;sid:83691035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827931)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.254.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827931/; classtype:trojan-activity;sid:83691031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827932)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.170.28.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827932/; classtype:trojan-activity;sid:83691032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827930)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.42.13.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827930/; classtype:trojan-activity;sid:83691030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827929)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.233.159.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827929/; classtype:trojan-activity;sid:83691029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827928)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.221.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827928/; classtype:trojan-activity;sid:83691028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827927)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.206.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827927/; classtype:trojan-activity;sid:83691027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827926)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.46.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827926/; classtype:trojan-activity;sid:83691026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827925)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.54.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827925/; classtype:trojan-activity;sid:83691025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827924)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.10.12.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827924/; classtype:trojan-activity;sid:83691024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827923)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.193.159"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827923/; classtype:trojan-activity;sid:83691023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827922)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.204.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827922/; classtype:trojan-activity;sid:83691022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827921)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.169.217"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827921/; classtype:trojan-activity;sid:83691021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827920)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.185.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827920/; classtype:trojan-activity;sid:83691020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827919)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.94.99.188"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827919/; classtype:trojan-activity;sid:83691019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827918)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.26.172.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827918/; classtype:trojan-activity;sid:83691018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827917)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.128.31.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827917/; classtype:trojan-activity;sid:83691017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827916)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.46.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827916/; classtype:trojan-activity;sid:83691016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827915)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.204.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827915/; classtype:trojan-activity;sid:83691015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827914)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.221.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827914/; classtype:trojan-activity;sid:83691014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827913)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.182.182.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827913/; classtype:trojan-activity;sid:83691013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827912)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.74.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827912/; classtype:trojan-activity;sid:83691012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827911)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.99.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827911/; classtype:trojan-activity;sid:83691011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827910)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.193.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827910/; classtype:trojan-activity;sid:83691010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827909)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.65.196.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827909/; classtype:trojan-activity;sid:83691009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827908)"; flow:established,from_client; content:"GET"; http_method; content:"/doc5294803_669007153|3f|hash=jdxdpboexprzdf3cmywkfosnuz6zqlusmp7ko5wdqix|7c|26|7c|dl=zsjpjeuvseni1ybruyexsxubldwglqrigdlxeqn7tno|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827908/; classtype:trojan-activity;sid:83691008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827905)"; flow:established,from_client; content:"GET"; http_method; content:"/v3tutorial.mp4"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"91.92.249.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827905/; classtype:trojan-activity;sid:83691005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827906)"; flow:established,from_client; content:"GET"; http_method; content:"/playkit.mp4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"91.92.249.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827906/; classtype:trojan-activity;sid:83691006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827907)"; flow:established,from_client; content:"GET"; http_method; content:"/teaser.mp4"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"91.92.249.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827907/; classtype:trojan-activity;sid:83691007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827904)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.207.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827904/; classtype:trojan-activity;sid:83691004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827903)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.214.109.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827903/; classtype:trojan-activity;sid:83691003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827902)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.191.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827902/; classtype:trojan-activity;sid:83691002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827900)"; flow:established,from_client; content:"GET"; http_method; content:"/store/apps/details|3f|id=com.bitpie"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"play.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827900/; classtype:trojan-activity;sid:83691000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827901)"; flow:established,from_client; content:"GET"; http_method; content:"/store/apps/details|3f|id=vip.mytokenpocket"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"play.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827901/; classtype:trojan-activity;sid:83691001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827898)"; flow:established,from_client; content:"GET"; http_method; content:"/store/apps/details|3f|id=vip.mybitpiewallet"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"play.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827898/; classtype:trojan-activity;sid:83690998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827899)"; flow:established,from_client; content:"GET"; http_method; content:"/webstore/detail/tokenpocket/mfgccjchihfkkindfppnaooecgfneiii"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"chrome.google.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827899/; classtype:trojan-activity;sid:83690999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827897)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.23.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827897/; classtype:trojan-activity;sid:83690997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827896)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.238.99.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827896/; classtype:trojan-activity;sid:83690996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827895)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.205.61.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827895/; classtype:trojan-activity;sid:83690995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827894)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.26.172.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827894/; classtype:trojan-activity;sid:83690994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827893)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.99.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827893/; classtype:trojan-activity;sid:83690993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827892)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.229.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827892/; classtype:trojan-activity;sid:83690992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827891)"; flow:established,from_client; content:"GET"; http_method; content:"/exodus.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"91.92.255.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827891/; classtype:trojan-activity;sid:83690991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827890)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.77.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827890/; classtype:trojan-activity;sid:83690990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827889)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.205.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827889/; classtype:trojan-activity;sid:83690989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827888)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.253.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827888/; classtype:trojan-activity;sid:83690988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827887)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.31.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827887/; classtype:trojan-activity;sid:83690987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827886)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.64.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827886/; classtype:trojan-activity;sid:83690986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827885)"; flow:established,from_client; content:"GET"; http_method; content:"/.sarm7"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"164.92.176.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827885/; classtype:trojan-activity;sid:83690985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827884)"; flow:established,from_client; content:"GET"; http_method; content:"/.sarm"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"164.92.176.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827884/; classtype:trojan-activity;sid:83690984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827883)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.45.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827883/; classtype:trojan-activity;sid:83690983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827882)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.172.230"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827882/; classtype:trojan-activity;sid:83690982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827881)"; flow:established,from_client; content:"GET"; http_method; content:"/soft/fkqcdjc473843.apk"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"lh.yjjxz.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827881/; classtype:trojan-activity;sid:83690981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827880)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.83.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827880/; classtype:trojan-activity;sid:83690980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827879)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.93.54"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827879/; classtype:trojan-activity;sid:83690979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827878)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.207.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827878/; classtype:trojan-activity;sid:83690978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827876)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.140.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827876/; classtype:trojan-activity;sid:83690976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827877)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.77.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827877/; classtype:trojan-activity;sid:83690977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827875)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.55.135.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827875/; classtype:trojan-activity;sid:83690975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827874)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.202.185.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827874/; classtype:trojan-activity;sid:83690974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827873)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.169.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827873/; classtype:trojan-activity;sid:83690973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827872)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.212.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827872/; classtype:trojan-activity;sid:83690972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827871)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.126.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827871/; classtype:trojan-activity;sid:83690971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827870)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.18.48.89"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827870/; classtype:trojan-activity;sid:83690970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827869)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.39.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827869/; classtype:trojan-activity;sid:83690969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827868)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.83.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827868/; classtype:trojan-activity;sid:83690968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827867)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-6.snoopy"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"38.180.156.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827867/; classtype:trojan-activity;sid:83690967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827866)"; flow:established,from_client; content:"GET"; http_method; content:"/snoopy.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"38.180.156.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827866/; classtype:trojan-activity;sid:83690966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827865)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.54.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827865/; classtype:trojan-activity;sid:83690965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827864)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.229.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827864/; classtype:trojan-activity;sid:83690964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827863)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.171.253.89"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827863/; classtype:trojan-activity;sid:83690963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827862)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.106.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827862/; classtype:trojan-activity;sid:83690962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827861)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.3.183.94"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827861/; classtype:trojan-activity;sid:83690961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827860)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"24.106.91.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827860/; classtype:trojan-activity;sid:83690960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827859)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.212.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827859/; classtype:trojan-activity;sid:83690959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827858)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.202.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827858/; classtype:trojan-activity;sid:83690958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827857)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.25.76.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827857/; classtype:trojan-activity;sid:83690957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827856)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.8.9.218"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827856/; classtype:trojan-activity;sid:83690956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827855)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.7.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827855/; classtype:trojan-activity;sid:83690955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827854)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.203.30.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827854/; classtype:trojan-activity;sid:83690954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827853)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"20.2.148.240"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827853/; classtype:trojan-activity;sid:83690953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827852)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.39.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827852/; classtype:trojan-activity;sid:83690952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827851)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.41.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827851/; classtype:trojan-activity;sid:83690951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827850)"; flow:established,from_client; content:"GET"; http_method; content:"/qc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"107.189.5.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827850/; classtype:trojan-activity;sid:83690950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827849)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.225.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827849/; classtype:trojan-activity;sid:83690949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827848)"; flow:established,from_client; content:"GET"; http_method; content:"/jk/sshd"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"107.189.5.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827848/; classtype:trojan-activity;sid:83690948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827847)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.41.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827847/; classtype:trojan-activity;sid:83690947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827846)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.7.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827846/; classtype:trojan-activity;sid:83690946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827845)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.5.157.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827845/; classtype:trojan-activity;sid:83690945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827844)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.91.206.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827844/; classtype:trojan-activity;sid:83690944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827843)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.193.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827843/; classtype:trojan-activity;sid:83690943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827841)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.76.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827841/; classtype:trojan-activity;sid:83690941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827842)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.31.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827842/; classtype:trojan-activity;sid:83690942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827840)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.225.192"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827840/; classtype:trojan-activity;sid:83690940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827839)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.55.79"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827839/; classtype:trojan-activity;sid:83690939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827800)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827800/; classtype:trojan-activity;sid:83690900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827801)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827801/; classtype:trojan-activity;sid:83690901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827802)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827802/; classtype:trojan-activity;sid:83690902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827803)"; flow:established,from_client; content:"GET"; http_method; content:"/l.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827803/; classtype:trojan-activity;sid:83690903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827804)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827804/; classtype:trojan-activity;sid:83690904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827805)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827805/; classtype:trojan-activity;sid:83690905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827806)"; flow:established,from_client; content:"GET"; http_method; content:"/nabspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827806/; classtype:trojan-activity;sid:83690906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827807)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827807/; classtype:trojan-activity;sid:83690907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827808)"; flow:established,from_client; content:"GET"; http_method; content:"/jklx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827808/; classtype:trojan-activity;sid:83690908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827809)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827809/; classtype:trojan-activity;sid:83690909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827810)"; flow:established,from_client; content:"GET"; http_method; content:"/f"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827810/; classtype:trojan-activity;sid:83690910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827811)"; flow:established,from_client; content:"GET"; http_method; content:"/jklarm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827811/; classtype:trojan-activity;sid:83690911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827812)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827812/; classtype:trojan-activity;sid:83690912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827813)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827813/; classtype:trojan-activity;sid:83690913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827814)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827814/; classtype:trojan-activity;sid:83690914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827815)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827815/; classtype:trojan-activity;sid:83690915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827816)"; flow:established,from_client; content:"GET"; http_method; content:"/gpon"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827816/; classtype:trojan-activity;sid:83690916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827817)"; flow:established,from_client; content:"GET"; http_method; content:"/jklppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827817/; classtype:trojan-activity;sid:83690917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827818)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827818/; classtype:trojan-activity;sid:83690918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827819)"; flow:established,from_client; content:"GET"; http_method; content:"/jklmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827819/; classtype:trojan-activity;sid:83690919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827820)"; flow:established,from_client; content:"GET"; http_method; content:"/jklm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827820/; classtype:trojan-activity;sid:83690920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827821)"; flow:established,from_client; content:"GET"; http_method; content:"/curl.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827821/; classtype:trojan-activity;sid:83690921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827822)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.spc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827822/; classtype:trojan-activity;sid:83690922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827823)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827823/; classtype:trojan-activity;sid:83690923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827824)"; flow:established,from_client; content:"GET"; http_method; content:"/li"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827824/; classtype:trojan-activity;sid:83690924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827825)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827825/; classtype:trojan-activity;sid:83690925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827826)"; flow:established,from_client; content:"GET"; http_method; content:"/jklspc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827826/; classtype:trojan-activity;sid:83690926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827827)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827827/; classtype:trojan-activity;sid:83690927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827828)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827828/; classtype:trojan-activity;sid:83690928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827829)"; flow:established,from_client; content:"GET"; http_method; content:"/nabm68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827829/; classtype:trojan-activity;sid:83690929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827830)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827830/; classtype:trojan-activity;sid:83690930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827831)"; flow:established,from_client; content:"GET"; http_method; content:"/nabx86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827831/; classtype:trojan-activity;sid:83690931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827832)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827832/; classtype:trojan-activity;sid:83690932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827833)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827833/; classtype:trojan-activity;sid:83690933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827834)"; flow:established,from_client; content:"GET"; http_method; content:"/nabppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827834/; classtype:trojan-activity;sid:83690934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827835)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827835/; classtype:trojan-activity;sid:83690935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827836)"; flow:established,from_client; content:"GET"; http_method; content:"/jklsh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827836/; classtype:trojan-activity;sid:83690936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827837)"; flow:established,from_client; content:"GET"; http_method; content:"/nabmips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827837/; classtype:trojan-activity;sid:83690937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827838)"; flow:established,from_client; content:"GET"; http_method; content:"/nabarm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827838/; classtype:trojan-activity;sid:83690938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827799)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.47.26.174"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827799/; classtype:trojan-activity;sid:83690899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827798)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.86.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827798/; classtype:trojan-activity;sid:83690898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827797)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.24.36.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827797/; classtype:trojan-activity;sid:83690897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827795)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.204.149.86"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827795/; classtype:trojan-activity;sid:83690895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827796)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.25.68.247"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827796/; classtype:trojan-activity;sid:83690896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827792)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.110.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827792/; classtype:trojan-activity;sid:83690892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827793)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.119.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827793/; classtype:trojan-activity;sid:83690893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827794)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.199.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827794/; classtype:trojan-activity;sid:83690894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827791)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.33.98.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827791/; classtype:trojan-activity;sid:83690891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827790)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.202.116.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827790/; classtype:trojan-activity;sid:83690890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827789)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.199.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827789/; classtype:trojan-activity;sid:83690889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827788)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.83.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827788/; classtype:trojan-activity;sid:83690888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827787)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.221.96.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827787/; classtype:trojan-activity;sid:83690887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827786)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.83.173.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827786/; classtype:trojan-activity;sid:83690886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827785)"; flow:established,from_client; content:"GET"; http_method; content:"/a.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"94.156.128.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827785/; classtype:trojan-activity;sid:83690885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827784)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.157.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827784/; classtype:trojan-activity;sid:83690884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827783)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.252.175.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827783/; classtype:trojan-activity;sid:83690883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827782)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.3.204"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827782/; classtype:trojan-activity;sid:83690882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827781)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.202.68.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827781/; classtype:trojan-activity;sid:83690881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827780)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.190.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827780/; classtype:trojan-activity;sid:83690880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827779)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.157.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827779/; classtype:trojan-activity;sid:83690879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827778)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.86.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827778/; classtype:trojan-activity;sid:83690878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827777)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.123.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827777/; classtype:trojan-activity;sid:83690877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827776)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.199.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827776/; classtype:trojan-activity;sid:83690876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827775)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.126.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827775/; classtype:trojan-activity;sid:83690875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827774)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.0.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827774/; classtype:trojan-activity;sid:83690874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827773)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.18.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827773/; classtype:trojan-activity;sid:83690873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827772)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.175.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827772/; classtype:trojan-activity;sid:83690872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827771)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.18.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827771/; classtype:trojan-activity;sid:83690871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827769)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827769/; classtype:trojan-activity;sid:83690869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827770)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827770/; classtype:trojan-activity;sid:83690870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827767)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827767/; classtype:trojan-activity;sid:83690867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827768)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827768/; classtype:trojan-activity;sid:83690868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827765)"; flow:established,from_client; content:"GET"; http_method; content:"/aaa"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827765/; classtype:trojan-activity;sid:83690865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827766)"; flow:established,from_client; content:"GET"; http_method; content:"/lol"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827766/; classtype:trojan-activity;sid:83690866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827764)"; flow:established,from_client; content:"GET"; http_method; content:"/7.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"67.217.59.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827764/; classtype:trojan-activity;sid:83690864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827763)"; flow:established,from_client; content:"GET"; http_method; content:"/doc5294803_668998749|3f|hash=jpzrjrp4xjuuq6pm7wjrjlcc9a5fxja4fun0y7zvgw8|7c|26|7c|dl=xwjfciff01zfmz3tzu5a8wlf6n11nelyx3wpqzubojw|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827763/; classtype:trojan-activity;sid:83690863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827762)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.66.200"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827762/; classtype:trojan-activity;sid:83690862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827761)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.58.121.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827761/; classtype:trojan-activity;sid:83690861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827760)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.190.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827760/; classtype:trojan-activity;sid:83690860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827759)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.18.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827759/; classtype:trojan-activity;sid:83690859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827758)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"216.73.94.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827758/; classtype:trojan-activity;sid:83690858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827757)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.157.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827757/; classtype:trojan-activity;sid:83690857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827756)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.18.17"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827756/; classtype:trojan-activity;sid:83690856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827755)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.200.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827755/; classtype:trojan-activity;sid:83690855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827754)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.29.198.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827754/; classtype:trojan-activity;sid:83690854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827753)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.111.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827753/; classtype:trojan-activity;sid:83690853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827752)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.242.106.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827752/; classtype:trojan-activity;sid:83690852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827751)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.82.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827751/; classtype:trojan-activity;sid:83690851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827750)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.73.57"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827750/; classtype:trojan-activity;sid:83690850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827749)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.106.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827749/; classtype:trojan-activity;sid:83690849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827748)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.114.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827748/; classtype:trojan-activity;sid:83690848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827747)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.142.55.3"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827747/; classtype:trojan-activity;sid:83690847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827746)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.168.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827746/; classtype:trojan-activity;sid:83690846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827744)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.182.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827744/; classtype:trojan-activity;sid:83690844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827745)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.46.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827745/; classtype:trojan-activity;sid:83690845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827743)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.57.125.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827743/; classtype:trojan-activity;sid:83690843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827741)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.200.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827741/; classtype:trojan-activity;sid:83690841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827742)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.48.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827742/; classtype:trojan-activity;sid:83690842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827740)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.114.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827740/; classtype:trojan-activity;sid:83690840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827738)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.150.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827738/; classtype:trojan-activity;sid:83690838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827739)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.2.83"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827739/; classtype:trojan-activity;sid:83690839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827737)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.87.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827737/; classtype:trojan-activity;sid:83690837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827736)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.4.187"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827736/; classtype:trojan-activity;sid:83690836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827735)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.176.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827735/; classtype:trojan-activity;sid:83690835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827734)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.145.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827734/; classtype:trojan-activity;sid:83690834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827733)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.168.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827733/; classtype:trojan-activity;sid:83690833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827732)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.114.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827732/; classtype:trojan-activity;sid:83690832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827731)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.161.73.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827731/; classtype:trojan-activity;sid:83690831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827730)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.48.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827730/; classtype:trojan-activity;sid:83690830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827729)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.163.158.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827729/; classtype:trojan-activity;sid:83690829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827728)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.163.158.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827728/; classtype:trojan-activity;sid:83690828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827727)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.228.96.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827727/; classtype:trojan-activity;sid:83690827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827726)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.241.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827726/; classtype:trojan-activity;sid:83690826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827725)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.253.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827725/; classtype:trojan-activity;sid:83690825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827724)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.237.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827724/; classtype:trojan-activity;sid:83690824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827723)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.83.184.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827723/; classtype:trojan-activity;sid:83690823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827722)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.42.12.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827722/; classtype:trojan-activity;sid:83690822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827721)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.87.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827721/; classtype:trojan-activity;sid:83690821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827720)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.161.73.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827720/; classtype:trojan-activity;sid:83690820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827719)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.61.93.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827719/; classtype:trojan-activity;sid:83690819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827717)"; flow:established,from_client; content:"GET"; http_method; content:"/dt.txt"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.216.188.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827717/; classtype:trojan-activity;sid:83690817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827718)"; flow:established,from_client; content:"GET"; http_method; content:"/b.jpg"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"41.216.188.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827718/; classtype:trojan-activity;sid:83690818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827716)"; flow:established,from_client; content:"GET"; http_method; content:"/slasl.txt"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"85.209.133.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827716/; classtype:trojan-activity;sid:83690816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827714)"; flow:established,from_client; content:"GET"; http_method; content:"/wgaltypqicmixdhx.txt"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"104.243.38.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827714/; classtype:trojan-activity;sid:83690814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827715)"; flow:established,from_client; content:"GET"; http_method; content:"/whqwpyhkpfairrmb.jpg"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"104.243.38.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827715/; classtype:trojan-activity;sid:83690815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827713)"; flow:established,from_client; content:"GET"; http_method; content:"/bar.jpg"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"85.209.133.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827713/; classtype:trojan-activity;sid:83690813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827712)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.202.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827712/; classtype:trojan-activity;sid:83690812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827711)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.42.25.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827711/; classtype:trojan-activity;sid:83690811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827710)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.176.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827710/; classtype:trojan-activity;sid:83690810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827709)"; flow:established,from_client; content:"GET"; http_method; content:"/h.jpg"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"193.26.115.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827709/; classtype:trojan-activity;sid:83690809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827708)"; flow:established,from_client; content:"GET"; http_method; content:"/t87.txt"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.26.115.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827708/; classtype:trojan-activity;sid:83690808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827707)"; flow:established,from_client; content:"GET"; http_method; content:"/blo.txt"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.26.115.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827707/; classtype:trojan-activity;sid:83690807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827705)"; flow:established,from_client; content:"GET"; http_method; content:"/ssh.jpg"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.26.115.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827705/; classtype:trojan-activity;sid:83690805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827706)"; flow:established,from_client; content:"GET"; http_method; content:"/ock.txt"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"193.26.115.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827706/; classtype:trojan-activity;sid:83690806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827704)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.210.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827704/; classtype:trojan-activity;sid:83690804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827703)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.120.33.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827703/; classtype:trojan-activity;sid:83690803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827702)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.17.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827702/; classtype:trojan-activity;sid:83690802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827700)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.252.47.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827700/; classtype:trojan-activity;sid:83690800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827701)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.25.76.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827701/; classtype:trojan-activity;sid:83690801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827699)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.234.179.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827699/; classtype:trojan-activity;sid:83690799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827698)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.42.12.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827698/; classtype:trojan-activity;sid:83690798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827697)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.200.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827697/; classtype:trojan-activity;sid:83690797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827696)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.145.215"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827696/; classtype:trojan-activity;sid:83690796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827695)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.77.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827695/; classtype:trojan-activity;sid:83690795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827693)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.61.93.16"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827693/; classtype:trojan-activity;sid:83690793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827694)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.192.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827694/; classtype:trojan-activity;sid:83690794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827692)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.70.87.160"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827692/; classtype:trojan-activity;sid:83690792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827691)"; flow:established,from_client; content:"GET"; http_method; content:"/k2/unconscientiousness.jpb"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"nitio.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827691/; classtype:trojan-activity;sid:83690791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827688)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.225.218.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827688/; classtype:trojan-activity;sid:83690788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827689)"; flow:established,from_client; content:"GET"; http_method; content:"/and"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"14.225.218.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827689/; classtype:trojan-activity;sid:83690789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827690)"; flow:established,from_client; content:"GET"; http_method; content:"/k1/fdoimu226.bin"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"nitio.com"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827690/; classtype:trojan-activity;sid:83690790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827686)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.202.137"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827686/; classtype:trojan-activity;sid:83690786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827685)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.25.76.83"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827685/; classtype:trojan-activity;sid:83690785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827684)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.176.167"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827684/; classtype:trojan-activity;sid:83690784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827683)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.189.214.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827683/; classtype:trojan-activity;sid:83690783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827681)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.52.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827681/; classtype:trojan-activity;sid:83690781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827682)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.210.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827682/; classtype:trojan-activity;sid:83690782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827680)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.61.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827680/; classtype:trojan-activity;sid:83690780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827679)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.239.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827679/; classtype:trojan-activity;sid:83690779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827678)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"66.23.158.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827678/; classtype:trojan-activity;sid:83690778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827677)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.147.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827677/; classtype:trojan-activity;sid:83690777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827676)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.47.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827676/; classtype:trojan-activity;sid:83690776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827675)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.17.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827675/; classtype:trojan-activity;sid:83690775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827674)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.179.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827674/; classtype:trojan-activity;sid:83690774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827673)"; flow:established,from_client; content:"GET"; http_method; content:"/softbot.arm"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.142.182.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827673/; classtype:trojan-activity;sid:83690773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827672)"; flow:established,from_client; content:"GET"; http_method; content:"/softbot.sh4"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.142.182.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827672/; classtype:trojan-activity;sid:83690772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827666)"; flow:established,from_client; content:"GET"; http_method; content:"//softbot.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.142.182.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827666/; classtype:trojan-activity;sid:83690766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827667)"; flow:established,from_client; content:"GET"; http_method; content:"//softbot.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.142.182.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827667/; classtype:trojan-activity;sid:83690767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827668)"; flow:established,from_client; content:"GET"; http_method; content:"//softbot.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.142.182.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827668/; classtype:trojan-activity;sid:83690768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827669)"; flow:established,from_client; content:"GET"; http_method; content:"//softbot.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.142.182.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827669/; classtype:trojan-activity;sid:83690769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827670)"; flow:established,from_client; content:"GET"; http_method; content:"//softbot.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.142.182.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827670/; classtype:trojan-activity;sid:83690770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827671)"; flow:established,from_client; content:"GET"; http_method; content:"//softbot.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"45.142.182.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827671/; classtype:trojan-activity;sid:83690771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827665)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.210.216"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827665/; classtype:trojan-activity;sid:83690765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827664)"; flow:established,from_client; content:"GET"; http_method; content:"/li"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.142.182.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827664/; classtype:trojan-activity;sid:83690764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827663)"; flow:established,from_client; content:"GET"; http_method; content:"/doc5294803_668991652|3f|hash=c8ujqgg4wj90td0szysdxob79ydyvd27cgqn4vikfwg|7c|26|7c|dl=oh9fctztik0mv1xdmorla3bzkjlch5if5euzcuqaz7l|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827663/; classtype:trojan-activity;sid:83690763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827662)"; flow:established,from_client; content:"GET"; http_method; content:"/doc5294803_668993960|3f|hash=z9lhrslmzuv1xjuhy4zqtzdarrwzqtc4a9awzl2tz3h|7c|26|7c|dl=3urmyip5qksf8z8w5ffo4nmwnjcuxsbiz8mtd9wpsct|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827662/; classtype:trojan-activity;sid:83690762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827660)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.136.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827660/; classtype:trojan-activity;sid:83690760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827661)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.138.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827661/; classtype:trojan-activity;sid:83690761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827659)"; flow:established,from_client; content:"GET"; http_method; content:"/doc5294803_668994275|3f|hash=js2sfrhovuanz24hemspgkyfj51ggkuzg7faz24rnzk|7c|26|7c|dl=tzc6tefgtatqytcbonykgucerynmvxpm9pczn029d20|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827659/; classtype:trojan-activity;sid:83690759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827658)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.9.67.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827658/; classtype:trojan-activity;sid:83690758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827652)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.156.79.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827652/; classtype:trojan-activity;sid:83690752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827653)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"94.156.79.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827653/; classtype:trojan-activity;sid:83690753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827654)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.156.79.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827654/; classtype:trojan-activity;sid:83690754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827655)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.156.79.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827655/; classtype:trojan-activity;sid:83690755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827656)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"94.156.79.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827656/; classtype:trojan-activity;sid:83690756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827657)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.156.79.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827657/; classtype:trojan-activity;sid:83690757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827648)"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.156.79.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827648/; classtype:trojan-activity;sid:83690748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827649)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"94.156.79.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827649/; classtype:trojan-activity;sid:83690749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827650)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.156.79.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827650/; classtype:trojan-activity;sid:83690750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827651)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.156.79.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827651/; classtype:trojan-activity;sid:83690751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827643)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.156.79.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827643/; classtype:trojan-activity;sid:83690743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827644)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.156.79.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827644/; classtype:trojan-activity;sid:83690744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827645)"; flow:established,from_client; content:"GET"; http_method; content:"/r"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.156.79.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827645/; classtype:trojan-activity;sid:83690745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827646)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"94.156.79.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827646/; classtype:trojan-activity;sid:83690746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827647)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"94.156.79.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827647/; classtype:trojan-activity;sid:83690747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827642)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.163.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827642/; classtype:trojan-activity;sid:83690742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827633)"; flow:established,from_client; content:"GET"; http_method; content:"/li"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.58.95.134"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827633/; classtype:trojan-activity;sid:83690733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827634)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.58.95.134"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827634/; classtype:trojan-activity;sid:83690734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827635)"; flow:established,from_client; content:"GET"; http_method; content:"/linksys"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"2.58.95.134"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827635/; classtype:trojan-activity;sid:83690735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827636)"; flow:established,from_client; content:"GET"; http_method; content:"/jaws"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.58.95.134"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827636/; classtype:trojan-activity;sid:83690736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827637)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.58.95.134"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827637/; classtype:trojan-activity;sid:83690737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827638)"; flow:established,from_client; content:"GET"; http_method; content:"/g"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.58.95.134"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827638/; classtype:trojan-activity;sid:83690738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827639)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.58.95.134"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827639/; classtype:trojan-activity;sid:83690739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827640)"; flow:established,from_client; content:"GET"; http_method; content:"/bx"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.58.95.134"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827640/; classtype:trojan-activity;sid:83690740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827641)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.58.95.134"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827641/; classtype:trojan-activity;sid:83690741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827632)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.221.176"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827632/; classtype:trojan-activity;sid:83690732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827631)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.147.115"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827631/; classtype:trojan-activity;sid:83690731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827629)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.58.95.134"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827629/; classtype:trojan-activity;sid:83690729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827630)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.58.95.134"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827630/; classtype:trojan-activity;sid:83690730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827627)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.204.237.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827627/; classtype:trojan-activity;sid:83690727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827628)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.172.115.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827628/; classtype:trojan-activity;sid:83690728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827626)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.18.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827626/; classtype:trojan-activity;sid:83690726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827625)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.251.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827625/; classtype:trojan-activity;sid:83690725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827624)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.240.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827624/; classtype:trojan-activity;sid:83690724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827623)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.17.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827623/; classtype:trojan-activity;sid:83690723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827622)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.58.173.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827622/; classtype:trojan-activity;sid:83690722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827621)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.163.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827621/; classtype:trojan-activity;sid:83690721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827620)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.58.95.134"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827620/; classtype:trojan-activity;sid:83690720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827619)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.167.37.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827619/; classtype:trojan-activity;sid:83690719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827618)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.181.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827618/; classtype:trojan-activity;sid:83690718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827617)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.98.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827617/; classtype:trojan-activity;sid:83690717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827616)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.24.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827616/; classtype:trojan-activity;sid:83690716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827615)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.8.61"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827615/; classtype:trojan-activity;sid:83690715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827614)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.184.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827614/; classtype:trojan-activity;sid:83690714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827613)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.174.173.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827613/; classtype:trojan-activity;sid:83690713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827612)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.80.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827612/; classtype:trojan-activity;sid:83690712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827611)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.198.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827611/; classtype:trojan-activity;sid:83690711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827610)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.205.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827610/; classtype:trojan-activity;sid:83690710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827609)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.59.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827609/; classtype:trojan-activity;sid:83690709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827608)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.213.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827608/; classtype:trojan-activity;sid:83690708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827607)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.30.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827607/; classtype:trojan-activity;sid:83690707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827606)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.204.111"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827606/; classtype:trojan-activity;sid:83690706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827605)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.58.173.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827605/; classtype:trojan-activity;sid:83690705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827604)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.80.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827604/; classtype:trojan-activity;sid:83690704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827603)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.30.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827603/; classtype:trojan-activity;sid:83690703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827602)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.215.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827602/; classtype:trojan-activity;sid:83690702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827601)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.254.39"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827601/; classtype:trojan-activity;sid:83690701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827600)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.246.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827600/; classtype:trojan-activity;sid:83690700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827599)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.6.198.88"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827599/; classtype:trojan-activity;sid:83690699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827598)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.174.238.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827598/; classtype:trojan-activity;sid:83690698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827597)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.153.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827597/; classtype:trojan-activity;sid:83690697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827596)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.160.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827596/; classtype:trojan-activity;sid:83690696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827594)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.23.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827594/; classtype:trojan-activity;sid:83690694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827595)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.24.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827595/; classtype:trojan-activity;sid:83690695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827593)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.194.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827593/; classtype:trojan-activity;sid:83690693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827592)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.242.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827592/; classtype:trojan-activity;sid:83690692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827591)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.52.0.123"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827591/; classtype:trojan-activity;sid:83690691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827590)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.237.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827590/; classtype:trojan-activity;sid:83690690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827589)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.164.141.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827589/; classtype:trojan-activity;sid:83690689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827588)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.246.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827588/; classtype:trojan-activity;sid:83690688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827587)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.36.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827587/; classtype:trojan-activity;sid:83690687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827586)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.204.232"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827586/; classtype:trojan-activity;sid:83690686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827585)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.153.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827585/; classtype:trojan-activity;sid:83690685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827584)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.62.181.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827584/; classtype:trojan-activity;sid:83690684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827583)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.85.15.28"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827583/; classtype:trojan-activity;sid:83690683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827582)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"101.108.240.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827582/; classtype:trojan-activity;sid:83690682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827581)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.160.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827581/; classtype:trojan-activity;sid:83690681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827580)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.7.223.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827580/; classtype:trojan-activity;sid:83690680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827579)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.23.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827579/; classtype:trojan-activity;sid:83690679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827578)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.36.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827578/; classtype:trojan-activity;sid:83690678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827577)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.92.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827577/; classtype:trojan-activity;sid:83690677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827576)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.87.105.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827576/; classtype:trojan-activity;sid:83690676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827574)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.36.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827574/; classtype:trojan-activity;sid:83690674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827575)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.138.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827575/; classtype:trojan-activity;sid:83690675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827573)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.9.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827573/; classtype:trojan-activity;sid:83690673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827572)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl.n"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2.58.95.134"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827572/; classtype:trojan-activity;sid:83690672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827571)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.26.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827571/; classtype:trojan-activity;sid:83690671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827570)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.207.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827570/; classtype:trojan-activity;sid:83690670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827569)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.57.78.83"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827569/; classtype:trojan-activity;sid:83690669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827568)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.237.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827568/; classtype:trojan-activity;sid:83690668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827567)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.154.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827567/; classtype:trojan-activity;sid:83690667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827566)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/themes/woodmart/fonts/rtx.exe"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"salamatbartar.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827566/; classtype:trojan-activity;sid:83690666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827565)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.200.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827565/; classtype:trojan-activity;sid:83690665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827564)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.7.223.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827564/; classtype:trojan-activity;sid:83690664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827563)"; flow:established,from_client; content:"GET"; http_method; content:"/zyohg9odyvknmq9zlh"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"jeuxviddeo.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827563/; classtype:trojan-activity;sid:83690663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827562)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.56.88.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827562/; classtype:trojan-activity;sid:83690662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827561)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.199.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827561/; classtype:trojan-activity;sid:83690661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827560)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.200.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827560/; classtype:trojan-activity;sid:83690660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827559)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.87.143.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827559/; classtype:trojan-activity;sid:83690659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827558)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.124.127.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827558/; classtype:trojan-activity;sid:83690658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827557)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.78.83"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827557/; classtype:trojan-activity;sid:83690657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827556)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.26.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827556/; classtype:trojan-activity;sid:83690656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827555)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.202.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827555/; classtype:trojan-activity;sid:83690655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827554)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.117.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827554/; classtype:trojan-activity;sid:83690654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827553)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.207.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827553/; classtype:trojan-activity;sid:83690653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827552)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.54.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827552/; classtype:trojan-activity;sid:83690652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827551)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"77.45.247.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827551/; classtype:trojan-activity;sid:83690651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827550)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.182.254.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827550/; classtype:trojan-activity;sid:83690650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827549)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.203.177.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827549/; classtype:trojan-activity;sid:83690649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827548)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.69.75.189"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827548/; classtype:trojan-activity;sid:83690648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827547)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.202.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827547/; classtype:trojan-activity;sid:83690647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827545)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.228.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827545/; classtype:trojan-activity;sid:83690645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827546)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.1.234"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827546/; classtype:trojan-activity;sid:83690646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827544)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.9.150.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827544/; classtype:trojan-activity;sid:83690644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827543)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.156.79.193"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827543/; classtype:trojan-activity;sid:83690643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827542)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.254.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827542/; classtype:trojan-activity;sid:83690642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827541)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.18.48.89"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827541/; classtype:trojan-activity;sid:83690641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827540)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.124.127.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827540/; classtype:trojan-activity;sid:83690640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827539)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.117.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827539/; classtype:trojan-activity;sid:83690639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827538)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.150.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827538/; classtype:trojan-activity;sid:83690638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827535)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.83.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827535/; classtype:trojan-activity;sid:83690635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827536)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.161.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827536/; classtype:trojan-activity;sid:83690636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827537)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.19.98"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827537/; classtype:trojan-activity;sid:83690637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827534)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.128.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827534/; classtype:trojan-activity;sid:83690634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827533)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.224.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827533/; classtype:trojan-activity;sid:83690633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827532)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"90.117.181.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827532/; classtype:trojan-activity;sid:83690632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827531)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.202.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827531/; classtype:trojan-activity;sid:83690631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827530)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.192.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827530/; classtype:trojan-activity;sid:83690630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827529)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.222.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827529/; classtype:trojan-activity;sid:83690629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827528)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.41.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827528/; classtype:trojan-activity;sid:83690628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827527)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.192.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827527/; classtype:trojan-activity;sid:83690627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827526)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.203.177.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827526/; classtype:trojan-activity;sid:83690626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827525)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.102.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827525/; classtype:trojan-activity;sid:83690625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827523)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.70.179.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827523/; classtype:trojan-activity;sid:83690623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827524)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.9.150.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827524/; classtype:trojan-activity;sid:83690624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827522)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.146.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827522/; classtype:trojan-activity;sid:83690622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827521)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.196.220"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827521/; classtype:trojan-activity;sid:83690621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827519)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.54.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827519/; classtype:trojan-activity;sid:83690619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827520)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.240.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827520/; classtype:trojan-activity;sid:83690620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827518)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.193.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827518/; classtype:trojan-activity;sid:83690618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827517)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.23.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827517/; classtype:trojan-activity;sid:83690617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827516)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.217.229.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827516/; classtype:trojan-activity;sid:83690616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827515)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.224.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827515/; classtype:trojan-activity;sid:83690615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827514)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.151.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827514/; classtype:trojan-activity;sid:83690614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827513)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.15.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827513/; classtype:trojan-activity;sid:83690613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827512)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.193.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827512/; classtype:trojan-activity;sid:83690612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827511)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.196.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827511/; classtype:trojan-activity;sid:83690611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827508)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.72.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827508/; classtype:trojan-activity;sid:83690608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827509)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.163.88"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827509/; classtype:trojan-activity;sid:83690609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827510)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.150.95"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827510/; classtype:trojan-activity;sid:83690610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827507)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.192.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827507/; classtype:trojan-activity;sid:83690607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827506)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.179.67"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827506/; classtype:trojan-activity;sid:83690606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827505)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.119.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827505/; classtype:trojan-activity;sid:83690605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827504)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.110.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827504/; classtype:trojan-activity;sid:83690604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827503)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.41.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827503/; classtype:trojan-activity;sid:83690603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827502)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.198.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827502/; classtype:trojan-activity;sid:83690602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827501)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.40.181"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827501/; classtype:trojan-activity;sid:83690601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827500)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.54.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827500/; classtype:trojan-activity;sid:83690600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827499)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.70.38"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827499/; classtype:trojan-activity;sid:83690599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827498)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.206.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827498/; classtype:trojan-activity;sid:83690598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827497)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.196.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827497/; classtype:trojan-activity;sid:83690597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827496)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.160.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827496/; classtype:trojan-activity;sid:83690596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827495)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.14.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827495/; classtype:trojan-activity;sid:83690595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827494)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.119.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827494/; classtype:trojan-activity;sid:83690594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827493)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.207.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827493/; classtype:trojan-activity;sid:83690593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827492)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.15.181"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827492/; classtype:trojan-activity;sid:83690592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827491)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.44.209.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827491/; classtype:trojan-activity;sid:83690591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827490)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.66.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827490/; classtype:trojan-activity;sid:83690590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827489)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.101.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827489/; classtype:trojan-activity;sid:83690589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827488)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.201.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827488/; classtype:trojan-activity;sid:83690588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827487)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.14.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827487/; classtype:trojan-activity;sid:83690587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827486)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.192.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827486/; classtype:trojan-activity;sid:83690586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827485)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.201.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827485/; classtype:trojan-activity;sid:83690585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827484)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.214.149.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827484/; classtype:trojan-activity;sid:83690584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827482)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.228.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827482/; classtype:trojan-activity;sid:83690582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827483)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.11.218"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827483/; classtype:trojan-activity;sid:83690583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827481)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.137.198.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827481/; classtype:trojan-activity;sid:83690581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827480)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.70.38"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827480/; classtype:trojan-activity;sid:83690580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827479)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.223.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827479/; classtype:trojan-activity;sid:83690579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827478)"; flow:established,from_client; content:"GET"; http_method; content:"/y91/m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"91.92.254.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827478/; classtype:trojan-activity;sid:83690578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827471)"; flow:established,from_client; content:"GET"; http_method; content:"/y91/x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"91.92.254.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827471/; classtype:trojan-activity;sid:83690571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827472)"; flow:established,from_client; content:"GET"; http_method; content:"/y91/mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"91.92.254.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827472/; classtype:trojan-activity;sid:83690572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827473)"; flow:established,from_client; content:"GET"; http_method; content:"/y91/arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"91.92.254.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827473/; classtype:trojan-activity;sid:83690573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827474)"; flow:established,from_client; content:"GET"; http_method; content:"/y91/sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"91.92.254.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827474/; classtype:trojan-activity;sid:83690574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827475)"; flow:established,from_client; content:"GET"; http_method; content:"/y91/arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"91.92.254.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827475/; classtype:trojan-activity;sid:83690575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827476)"; flow:established,from_client; content:"GET"; http_method; content:"/y91/arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"91.92.254.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827476/; classtype:trojan-activity;sid:83690576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827477)"; flow:established,from_client; content:"GET"; http_method; content:"/y91/ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"91.92.254.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827477/; classtype:trojan-activity;sid:83690577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827470)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.54.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827470/; classtype:trojan-activity;sid:83690570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827469)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.152.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827469/; classtype:trojan-activity;sid:83690569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827468)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.125.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827468/; classtype:trojan-activity;sid:83690568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827467)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.116.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827467/; classtype:trojan-activity;sid:83690567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827466)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.41.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827466/; classtype:trojan-activity;sid:83690566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827465)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.117.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827465/; classtype:trojan-activity;sid:83690565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827464)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.71.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827464/; classtype:trojan-activity;sid:83690564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827463)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.201.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827463/; classtype:trojan-activity;sid:83690563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827461)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"152.246.231.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827461/; classtype:trojan-activity;sid:83690561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827462)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.101.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827462/; classtype:trojan-activity;sid:83690562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827460)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.189.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827460/; classtype:trojan-activity;sid:83690560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827459)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.195.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827459/; classtype:trojan-activity;sid:83690559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827457)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.98.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827457/; classtype:trojan-activity;sid:83690557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827458)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.132.104.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827458/; classtype:trojan-activity;sid:83690558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827456)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.69.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827456/; classtype:trojan-activity;sid:83690556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827455)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.27.37.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827455/; classtype:trojan-activity;sid:83690555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827454)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.212.36.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827454/; classtype:trojan-activity;sid:83690554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827452)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.228.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827452/; classtype:trojan-activity;sid:83690552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827453)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.11.218"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827453/; classtype:trojan-activity;sid:83690553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827451)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"152.246.231.57"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827451/; classtype:trojan-activity;sid:83690551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827450)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"206.85.167.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827450/; classtype:trojan-activity;sid:83690550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827449)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.117.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827449/; classtype:trojan-activity;sid:83690549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827448)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.198.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827448/; classtype:trojan-activity;sid:83690548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827447)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.201.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827447/; classtype:trojan-activity;sid:83690547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827446)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.77.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827446/; classtype:trojan-activity;sid:83690546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827445)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.18.61.129"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827445/; classtype:trojan-activity;sid:83690545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827444)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.71.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827444/; classtype:trojan-activity;sid:83690544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827443)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.198.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827443/; classtype:trojan-activity;sid:83690543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827442)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.223.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827442/; classtype:trojan-activity;sid:83690542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827441)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.209.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827441/; classtype:trojan-activity;sid:83690541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827440)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.198.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827440/; classtype:trojan-activity;sid:83690540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827439)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.212.36.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827439/; classtype:trojan-activity;sid:83690539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827438)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.27.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827438/; classtype:trojan-activity;sid:83690538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827437)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.129.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827437/; classtype:trojan-activity;sid:83690537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827436)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.192.141"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827436/; classtype:trojan-activity;sid:83690536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827435)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.90.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827435/; classtype:trojan-activity;sid:83690535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827434)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.250.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827434/; classtype:trojan-activity;sid:83690534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827433)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.54.144.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827433/; classtype:trojan-activity;sid:83690533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827432)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.240.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827432/; classtype:trojan-activity;sid:83690532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827431)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.198.136"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827431/; classtype:trojan-activity;sid:83690531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827430)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.10.3.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827430/; classtype:trojan-activity;sid:83690530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827429)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.205.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827429/; classtype:trojan-activity;sid:83690529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827428)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.253.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827428/; classtype:trojan-activity;sid:83690528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827427)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.198.69"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827427/; classtype:trojan-activity;sid:83690527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827426)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.129.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827426/; classtype:trojan-activity;sid:83690526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827425)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.150.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827425/; classtype:trojan-activity;sid:83690525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827424)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.18.61.129"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827424/; classtype:trojan-activity;sid:83690524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827422)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.117.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827422/; classtype:trojan-activity;sid:83690522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827423)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.29.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827423/; classtype:trojan-activity;sid:83690523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827420)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.161.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827420/; classtype:trojan-activity;sid:83690520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827421)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.32.15"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827421/; classtype:trojan-activity;sid:83690521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827419)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.18.13"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827419/; classtype:trojan-activity;sid:83690519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827418)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.180.177.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827418/; classtype:trojan-activity;sid:83690518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827417)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.3.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827417/; classtype:trojan-activity;sid:83690517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827416)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.240.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827416/; classtype:trojan-activity;sid:83690516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827415)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.152.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827415/; classtype:trojan-activity;sid:83690515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827414)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.6.198.130"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827414/; classtype:trojan-activity;sid:83690514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827413)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.54.144.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827413/; classtype:trojan-activity;sid:83690513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827412)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.211.183.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827412/; classtype:trojan-activity;sid:83690512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827411)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.67.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827411/; classtype:trojan-activity;sid:83690511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827410)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.150.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827410/; classtype:trojan-activity;sid:83690510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827409)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.247.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827409/; classtype:trojan-activity;sid:83690509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827408)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.76.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827408/; classtype:trojan-activity;sid:83690508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827407)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.149.142.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827407/; classtype:trojan-activity;sid:83690507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827406)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.29.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827406/; classtype:trojan-activity;sid:83690506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827405)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.177.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827405/; classtype:trojan-activity;sid:83690505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827404)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.84.206"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827404/; classtype:trojan-activity;sid:83690504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827403)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.226.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827403/; classtype:trojan-activity;sid:83690503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827402)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.140.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827402/; classtype:trojan-activity;sid:83690502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827400)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.146.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827400/; classtype:trojan-activity;sid:83690500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827401)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.134.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827401/; classtype:trojan-activity;sid:83690501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827398)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.152.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827398/; classtype:trojan-activity;sid:83690498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827399)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.245.213.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827399/; classtype:trojan-activity;sid:83690499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827397)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.211.183.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827397/; classtype:trojan-activity;sid:83690497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827396)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.205.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827396/; classtype:trojan-activity;sid:83690496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827395)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.31.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827395/; classtype:trojan-activity;sid:83690495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827394)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.149.142.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827394/; classtype:trojan-activity;sid:83690494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827393)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.125.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827393/; classtype:trojan-activity;sid:83690493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827391)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.10.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827391/; classtype:trojan-activity;sid:83690491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827392)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.48.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827392/; classtype:trojan-activity;sid:83690492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827390)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.251.12.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827390/; classtype:trojan-activity;sid:83690490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827389)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.31.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827389/; classtype:trojan-activity;sid:83690489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827388)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.235.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827388/; classtype:trojan-activity;sid:83690488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827387)"; flow:established,from_client; content:"GET"; http_method; content:"/main"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"77.221.156.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827387/; classtype:trojan-activity;sid:83690487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827384)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"14.225.218.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827384/; classtype:trojan-activity;sid:83690484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827385)"; flow:established,from_client; content:"GET"; http_method; content:"/most-mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"14.225.218.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827385/; classtype:trojan-activity;sid:83690485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827386)"; flow:established,from_client; content:"GET"; http_method; content:"/most-x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"14.225.218.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827386/; classtype:trojan-activity;sid:83690486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827382)"; flow:established,from_client; content:"GET"; http_method; content:"/most-mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"14.225.218.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827382/; classtype:trojan-activity;sid:83690482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827383)"; flow:established,from_client; content:"GET"; http_method; content:"/most-x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"14.225.218.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827383/; classtype:trojan-activity;sid:83690483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827380)"; flow:established,from_client; content:"GET"; http_method; content:"/most-m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"14.225.218.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827380/; classtype:trojan-activity;sid:83690480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827381)"; flow:established,from_client; content:"GET"; http_method; content:"/most-arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"14.225.218.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827381/; classtype:trojan-activity;sid:83690481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827379)"; flow:established,from_client; content:"GET"; http_method; content:"/most-arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"14.225.218.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827379/; classtype:trojan-activity;sid:83690479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827377)"; flow:established,from_client; content:"GET"; http_method; content:"/most-sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"14.225.218.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827377/; classtype:trojan-activity;sid:83690477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827378)"; flow:established,from_client; content:"GET"; http_method; content:"/most-arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"14.225.218.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827378/; classtype:trojan-activity;sid:83690478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827375)"; flow:established,from_client; content:"GET"; http_method; content:"/softbot.arm5"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.142.182.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827375/; classtype:trojan-activity;sid:83690475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827376)"; flow:established,from_client; content:"GET"; http_method; content:"/softbot.x86"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.142.182.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827376/; classtype:trojan-activity;sid:83690476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827372)"; flow:established,from_client; content:"GET"; http_method; content:"/softbot.arm6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.142.182.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827372/; classtype:trojan-activity;sid:83690472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827373)"; flow:established,from_client; content:"GET"; http_method; content:"/softbot.arm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.142.182.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827373/; classtype:trojan-activity;sid:83690473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827374)"; flow:established,from_client; content:"GET"; http_method; content:"/softbot.mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.142.182.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827374/; classtype:trojan-activity;sid:83690474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827371)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.244.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827371/; classtype:trojan-activity;sid:83690471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827370)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.163.149.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827370/; classtype:trojan-activity;sid:83690470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827369)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.195.255"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827369/; classtype:trojan-activity;sid:83690469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827368)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.146.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827368/; classtype:trojan-activity;sid:83690468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827367)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.98.117.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827367/; classtype:trojan-activity;sid:83690467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827366)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.3.38"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827366/; classtype:trojan-activity;sid:83690466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827365)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.15.143.127"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827365/; classtype:trojan-activity;sid:83690465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827364)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.203.48"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827364/; classtype:trojan-activity;sid:83690464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827363)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.46.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827363/; classtype:trojan-activity;sid:83690463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827362)"; flow:established,from_client; content:"GET"; http_method; content:"/no_killer/mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"2.58.95.134"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827362/; classtype:trojan-activity;sid:83690462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827361)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.146.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827361/; classtype:trojan-activity;sid:83690461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827360)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.112.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827360/; classtype:trojan-activity;sid:83690460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827358)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.251.12.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827358/; classtype:trojan-activity;sid:83690458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827359)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.203.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827359/; classtype:trojan-activity;sid:83690459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827357)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.236.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827357/; classtype:trojan-activity;sid:83690457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827356)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.177.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827356/; classtype:trojan-activity;sid:83690456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827355)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.145.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827355/; classtype:trojan-activity;sid:83690455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827354)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.107.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827354/; classtype:trojan-activity;sid:83690454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827353)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.59.10.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827353/; classtype:trojan-activity;sid:83690453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827352)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.67.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827352/; classtype:trojan-activity;sid:83690452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827351)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.203.124"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827351/; classtype:trojan-activity;sid:83690451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827350)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.163.21.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827350/; classtype:trojan-activity;sid:83690450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827349)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.5.147.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827349/; classtype:trojan-activity;sid:83690449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827348)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.235.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827348/; classtype:trojan-activity;sid:83690448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827347)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.153.232"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827347/; classtype:trojan-activity;sid:83690447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827346)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.177.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827346/; classtype:trojan-activity;sid:83690446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827345)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.133.45.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827345/; classtype:trojan-activity;sid:83690445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827344)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.224.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827344/; classtype:trojan-activity;sid:83690444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827342)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.214.73.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827342/; classtype:trojan-activity;sid:83690442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827343)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.217.51.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827343/; classtype:trojan-activity;sid:83690443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827341)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.236.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827341/; classtype:trojan-activity;sid:83690441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827340)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.86.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827340/; classtype:trojan-activity;sid:83690440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827339)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.222.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827339/; classtype:trojan-activity;sid:83690439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827338)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.180.190.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827338/; classtype:trojan-activity;sid:83690438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827337)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.208.102.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827337/; classtype:trojan-activity;sid:83690437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827336)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.90.232"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827336/; classtype:trojan-activity;sid:83690436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827335)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.213.104.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827335/; classtype:trojan-activity;sid:83690435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827334)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.200.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827334/; classtype:trojan-activity;sid:83690434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827333)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.151.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827333/; classtype:trojan-activity;sid:83690433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827332)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.195.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827332/; classtype:trojan-activity;sid:83690432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827331)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.21.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827331/; classtype:trojan-activity;sid:83690431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827330)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.228.32.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827330/; classtype:trojan-activity;sid:83690430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827329)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.102.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827329/; classtype:trojan-activity;sid:83690429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827328)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.206.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827328/; classtype:trojan-activity;sid:83690428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827327)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.76.6"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827327/; classtype:trojan-activity;sid:83690427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827326)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.42.27.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827326/; classtype:trojan-activity;sid:83690426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827325)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.198.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827325/; classtype:trojan-activity;sid:83690425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827324)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.73.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827324/; classtype:trojan-activity;sid:83690424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827323)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.171.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827323/; classtype:trojan-activity;sid:83690423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827322)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.220.105.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827322/; classtype:trojan-activity;sid:83690422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827321)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.78.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827321/; classtype:trojan-activity;sid:83690421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827320)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.9.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827320/; classtype:trojan-activity;sid:83690420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827319)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.3.99"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827319/; classtype:trojan-activity;sid:83690419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827318)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.116.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827318/; classtype:trojan-activity;sid:83690418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827317)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.94.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827317/; classtype:trojan-activity;sid:83690417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827316)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.229.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827316/; classtype:trojan-activity;sid:83690416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827315)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.174.238.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827315/; classtype:trojan-activity;sid:83690415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827314)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.203.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827314/; classtype:trojan-activity;sid:83690414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827313)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.101.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827313/; classtype:trojan-activity;sid:83690413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827312)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.140.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827312/; classtype:trojan-activity;sid:83690412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827311)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.83.173.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827311/; classtype:trojan-activity;sid:83690411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827310)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.170.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827310/; classtype:trojan-activity;sid:83690410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827309)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.220.92"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827309/; classtype:trojan-activity;sid:83690409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827308)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.206.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827308/; classtype:trojan-activity;sid:83690408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827307)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.9.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827307/; classtype:trojan-activity;sid:83690407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827306)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.35.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827306/; classtype:trojan-activity;sid:83690406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827305)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.174.238.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827305/; classtype:trojan-activity;sid:83690405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827304)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.94.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827304/; classtype:trojan-activity;sid:83690404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827303)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.16.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827303/; classtype:trojan-activity;sid:83690403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827302)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.197.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827302/; classtype:trojan-activity;sid:83690402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827300)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.87.143.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827300/; classtype:trojan-activity;sid:83690400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827301)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.34.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827301/; classtype:trojan-activity;sid:83690401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827299)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.205.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827299/; classtype:trojan-activity;sid:83690399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827297)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.221.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827297/; classtype:trojan-activity;sid:83690397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827298)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.74.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827298/; classtype:trojan-activity;sid:83690398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827296)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.70.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827296/; classtype:trojan-activity;sid:83690396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827295)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.198.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827295/; classtype:trojan-activity;sid:83690395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827294)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.245.213.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827294/; classtype:trojan-activity;sid:83690394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827293)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.83.173.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827293/; classtype:trojan-activity;sid:83690393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827292)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"179.48.196.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_26; reference:url, urlhaus.abuse.ch/url/2827292/; classtype:trojan-activity;sid:83690392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827291)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.140.96"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827291/; classtype:trojan-activity;sid:83690391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827290)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.181.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827290/; classtype:trojan-activity;sid:83690390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827289)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.145.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827289/; classtype:trojan-activity;sid:83690389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827287)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.108.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827287/; classtype:trojan-activity;sid:83690387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827288)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.114.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827288/; classtype:trojan-activity;sid:83690388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827286)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.13.27.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827286/; classtype:trojan-activity;sid:83690386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827285)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.37.213"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827285/; classtype:trojan-activity;sid:83690385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827284)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.117.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827284/; classtype:trojan-activity;sid:83690384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827283)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.116.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827283/; classtype:trojan-activity;sid:83690383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827282)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"156.247.1.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827282/; classtype:trojan-activity;sid:83690382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827281)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.163.128.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827281/; classtype:trojan-activity;sid:83690381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827280)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.7.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827280/; classtype:trojan-activity;sid:83690380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827279)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.196.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827279/; classtype:trojan-activity;sid:83690379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827278)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.126.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827278/; classtype:trojan-activity;sid:83690378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827277)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.103.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827277/; classtype:trojan-activity;sid:83690377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827276)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.16.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827276/; classtype:trojan-activity;sid:83690376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827275)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.181.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827275/; classtype:trojan-activity;sid:83690375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827273)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.108.54"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827273/; classtype:trojan-activity;sid:83690373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827274)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.145.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827274/; classtype:trojan-activity;sid:83690374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827272)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.114.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827272/; classtype:trojan-activity;sid:83690372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827271)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.58.95.134"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827271/; classtype:trojan-activity;sid:83690371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827270)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.37.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827270/; classtype:trojan-activity;sid:83690370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827269)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.133.220"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827269/; classtype:trojan-activity;sid:83690369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827268)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.7.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827268/; classtype:trojan-activity;sid:83690368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827267)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.74.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827267/; classtype:trojan-activity;sid:83690367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827266)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.89.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827266/; classtype:trojan-activity;sid:83690366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827263)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.164.229.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827263/; classtype:trojan-activity;sid:83690363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827264)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.109.229.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827264/; classtype:trojan-activity;sid:83690364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827265)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.188.141"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827265/; classtype:trojan-activity;sid:83690365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827262)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.202.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827262/; classtype:trojan-activity;sid:83690362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827261)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.53.245.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827261/; classtype:trojan-activity;sid:83690361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827260)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.189.198.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827260/; classtype:trojan-activity;sid:83690360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827259)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.52.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827259/; classtype:trojan-activity;sid:83690359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827258)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.1.250"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827258/; classtype:trojan-activity;sid:83690358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827257)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.55.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827257/; classtype:trojan-activity;sid:83690357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827256)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.202.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827256/; classtype:trojan-activity;sid:83690356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827255)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.158.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827255/; classtype:trojan-activity;sid:83690355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827254)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.109.229.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827254/; classtype:trojan-activity;sid:83690354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827253)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.200.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827253/; classtype:trojan-activity;sid:83690353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827252)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.74.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827252/; classtype:trojan-activity;sid:83690352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827251)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.7.220.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827251/; classtype:trojan-activity;sid:83690351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827250)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.189.198.118"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827250/; classtype:trojan-activity;sid:83690350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827249)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.235.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827249/; classtype:trojan-activity;sid:83690349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827248)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.114.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827248/; classtype:trojan-activity;sid:83690348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827247)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.13.233.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827247/; classtype:trojan-activity;sid:83690347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827246)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.19.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827246/; classtype:trojan-activity;sid:83690346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827245)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.1.250"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827245/; classtype:trojan-activity;sid:83690345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827244)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.55.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827244/; classtype:trojan-activity;sid:83690344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827243)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.123.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827243/; classtype:trojan-activity;sid:83690343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827242)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.152.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827242/; classtype:trojan-activity;sid:83690342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827241)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.151.225.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827241/; classtype:trojan-activity;sid:83690341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827240)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.7.220.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827240/; classtype:trojan-activity;sid:83690340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827239)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.235.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827239/; classtype:trojan-activity;sid:83690339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827238)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.220.105.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827238/; classtype:trojan-activity;sid:83690338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827237)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.177.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827237/; classtype:trojan-activity;sid:83690337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827235)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.186.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827235/; classtype:trojan-activity;sid:83690335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827236)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.164.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827236/; classtype:trojan-activity;sid:83690336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827234)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.46.203.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827234/; classtype:trojan-activity;sid:83690334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827233)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.219.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827233/; classtype:trojan-activity;sid:83690333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827232)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.92.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827232/; classtype:trojan-activity;sid:83690332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827231)"; flow:established,from_client; content:"GET"; http_method; content:"/editcontent"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"icul.anesthetics.biomedzglobal.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827231/; classtype:trojan-activity;sid:83690331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827230)"; flow:established,from_client; content:"GET"; http_method; content:"/v0/b/case-419310.appspot.com/o/imrozi8xra%2fdocument_h90_16m957712-08k63479r1055-7228h4.js|3f|alt=media|7c|26|7c|token=6ae5a405-6e42-4d61-91cd-5fa0b3522a4b"; http_uri; depth:156; isdataat:!1,relative; nocase; content:"firebasestorage.googleapis.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827230/; classtype:trojan-activity;sid:83690330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827229)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.78.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827229/; classtype:trojan-activity;sid:83690329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827228)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.240.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827228/; classtype:trojan-activity;sid:83690328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827227)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.255.118.0"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827227/; classtype:trojan-activity;sid:83690327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827226)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.83.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827226/; classtype:trojan-activity;sid:83690326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827225)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.228.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827225/; classtype:trojan-activity;sid:83690325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827224)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.177.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827224/; classtype:trojan-activity;sid:83690324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827223)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.41.142.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827223/; classtype:trojan-activity;sid:83690323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827222)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.112.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827222/; classtype:trojan-activity;sid:83690322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827221)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.98.77"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827221/; classtype:trojan-activity;sid:83690321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827220)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.132.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827220/; classtype:trojan-activity;sid:83690320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827219)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.203.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827219/; classtype:trojan-activity;sid:83690319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827217)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.92.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827217/; classtype:trojan-activity;sid:83690317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827218)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.164.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827218/; classtype:trojan-activity;sid:83690318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827216)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.70.189.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827216/; classtype:trojan-activity;sid:83690316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827215)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.91.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827215/; classtype:trojan-activity;sid:83690315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827214)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.182.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827214/; classtype:trojan-activity;sid:83690314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827213)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.228.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827213/; classtype:trojan-activity;sid:83690313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827212)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.240.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827212/; classtype:trojan-activity;sid:83690312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827211)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.212.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827211/; classtype:trojan-activity;sid:83690311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827210)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.193.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827210/; classtype:trojan-activity;sid:83690310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827208)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.112.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827208/; classtype:trojan-activity;sid:83690308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827209)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.34.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827209/; classtype:trojan-activity;sid:83690309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827207)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.83.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827207/; classtype:trojan-activity;sid:83690307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827206)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.74.89.235"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827206/; classtype:trojan-activity;sid:83690306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827205)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.198.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827205/; classtype:trojan-activity;sid:83690305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827202)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/user-private-files/shared/"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"taifateule.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827202/; classtype:trojan-activity;sid:83690302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827203)"; flow:established,from_client; content:"GET"; http_method; content:"/chocolate/wp-content/plugins/user-private-files/shared/"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"milkganache.com.br"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827203/; classtype:trojan-activity;sid:83690303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827204)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/user-private-files/shared/"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"yahyacarpet.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827204/; classtype:trojan-activity;sid:83690304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827200)"; flow:established,from_client; content:"GET"; http_method; content:"/networkconnect/wp-content/plugins/user-private-files/shared/"; http_uri; depth:61; isdataat:!1,relative; nocase; content:"iswpcreator.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827200/; classtype:trojan-activity;sid:83690300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827201)"; flow:established,from_client; content:"GET"; http_method; content:"/tangerang/wp-content/plugins/user-private-files/shared/"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"tutycholid.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827201/; classtype:trojan-activity;sid:83690301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827192)"; flow:established,from_client; content:"GET"; http_method; content:"/indigo/wp-content/plugins/user-private-files/shared/"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"konsaltakuatorial.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827192/; classtype:trojan-activity;sid:83690292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827193)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/user-private-files/shared/"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"divifar.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827193/; classtype:trojan-activity;sid:83690293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827194)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/user-private-files/shared/"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"audio.daiphucminh.vn"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827194/; classtype:trojan-activity;sid:83690294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827195)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/user-private-files/shared/"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"antvietnam.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827195/; classtype:trojan-activity;sid:83690295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827196)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/user-private-files/shared/"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"newsmedia247.site"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827196/; classtype:trojan-activity;sid:83690296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827197)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/user-private-files/shared/"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"phs124168.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827197/; classtype:trojan-activity;sid:83690297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827198)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/user-private-files/shared/"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"i.thietke.in"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827198/; classtype:trojan-activity;sid:83690298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827199)"; flow:established,from_client; content:"GET"; http_method; content:"/site/wp-content/plugins/user-private-files/shared/"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"direitopositivado.com.br"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827199/; classtype:trojan-activity;sid:83690299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827189)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/user-private-files/shared/"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"pgdm.my"; http_host; depth:7; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827189/; classtype:trojan-activity;sid:83690289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827190)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/user-private-files/shared/"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"phatthanhnghia.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827190/; classtype:trojan-activity;sid:83690290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827191)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/user-private-files/shared/"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"seraphyaromatherapy.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827191/; classtype:trojan-activity;sid:83690291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827183)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/user-private-files/shared/"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"quotesparade.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827183/; classtype:trojan-activity;sid:83690283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827184)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.159.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827184/; classtype:trojan-activity;sid:83690284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827185)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/user-private-files/shared/"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"devaccrocs.allianceconsultants.net"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827185/; classtype:trojan-activity;sid:83690285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827186)"; flow:established,from_client; content:"GET"; http_method; content:"/wp/wp-content/plugins/user-private-files/shared/"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"vegasnights.co.za"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827186/; classtype:trojan-activity;sid:83690286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827187)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/user-private-files/shared/"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"manbaulhudaasia.aliyy.my"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827187/; classtype:trojan-activity;sid:83690287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827188)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/user-private-files/shared/"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"cbg.divineunveil.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827188/; classtype:trojan-activity;sid:83690288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827175)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/user-private-files/shared/"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"ugandainarabic.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827175/; classtype:trojan-activity;sid:83690275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827176)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/user-private-files/shared/"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"www.pansy-dz.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827176/; classtype:trojan-activity;sid:83690276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827177)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/user-private-files/shared/"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"reyadtours.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827177/; classtype:trojan-activity;sid:83690277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827178)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/user-private-files/shared/"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"ideanet.co.in"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827178/; classtype:trojan-activity;sid:83690278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827179)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/user-private-files/shared/"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"thayhoicoffee.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827179/; classtype:trojan-activity;sid:83690279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827180)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/user-private-files/shared/"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"ideosphere.in"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827180/; classtype:trojan-activity;sid:83690280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827181)"; flow:established,from_client; content:"GET"; http_method; content:"/projects/visioncrystal/wp-content/plugins/user-private-files/shared/"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"www.websitedesigningindia.biz"; http_host; depth:29; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827181/; classtype:trojan-activity;sid:83690281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827182)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/user-private-files/shared/"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"upr.lk"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827182/; classtype:trojan-activity;sid:83690282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827172)"; flow:established,from_client; content:"GET"; http_method; content:"/epicure-traiteur/wp-content/plugins/user-private-files/shared/"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"vitrine.izaragency.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827172/; classtype:trojan-activity;sid:83690272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827173)"; flow:established,from_client; content:"GET"; http_method; content:"/model-2/wp-content/plugins/user-private-files/shared/"; http_uri; depth:54; isdataat:!1,relative; nocase; content:"vitrine.izaragency.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827173/; classtype:trojan-activity;sid:83690273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827174)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/plugins/user-private-files/shared/"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"bissecci.org"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827174/; classtype:trojan-activity;sid:83690274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827171)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.86.255"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827171/; classtype:trojan-activity;sid:83690271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827170)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.65.199"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827170/; classtype:trojan-activity;sid:83690270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827168)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.212.67.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827168/; classtype:trojan-activity;sid:83690268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827169)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.93.136.21"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827169/; classtype:trojan-activity;sid:83690269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827167)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.205.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827167/; classtype:trojan-activity;sid:83690267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827166)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.142.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827166/; classtype:trojan-activity;sid:83690266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827165)"; flow:established,from_client; content:"GET"; http_method; content:"/ad.msi"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.95.11.217"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827165/; classtype:trojan-activity;sid:83690265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827164)"; flow:established,from_client; content:"GET"; http_method; content:"/security_check/"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"nlqbgkl5.org"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827164/; classtype:trojan-activity;sid:83690264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827163)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.11.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827163/; classtype:trojan-activity;sid:83690263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827162)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.199.125"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827162/; classtype:trojan-activity;sid:83690262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827161)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.132.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827161/; classtype:trojan-activity;sid:83690261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827160)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.95.135.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827160/; classtype:trojan-activity;sid:83690260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827159)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.214.73.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827159/; classtype:trojan-activity;sid:83690259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827157)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.208.188"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827157/; classtype:trojan-activity;sid:83690257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827158)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.140.185.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827158/; classtype:trojan-activity;sid:83690258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827155)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.150.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827155/; classtype:trojan-activity;sid:83690255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827156)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.44.32.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827156/; classtype:trojan-activity;sid:83690256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827154)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.183.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827154/; classtype:trojan-activity;sid:83690254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827153)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.180.168.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827153/; classtype:trojan-activity;sid:83690253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827152)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.205.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827152/; classtype:trojan-activity;sid:83690252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827150)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.86.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827150/; classtype:trojan-activity;sid:83690250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827151)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.99.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827151/; classtype:trojan-activity;sid:83690251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827149)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.34.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827149/; classtype:trojan-activity;sid:83690249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827148)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.182.150.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827148/; classtype:trojan-activity;sid:83690248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827147)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.135.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827147/; classtype:trojan-activity;sid:83690247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827146)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.155.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827146/; classtype:trojan-activity;sid:83690246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827145)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.197.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827145/; classtype:trojan-activity;sid:83690245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827144)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.57.218.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827144/; classtype:trojan-activity;sid:83690244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827143)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.203.244"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827143/; classtype:trojan-activity;sid:83690243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827142)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.82.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827142/; classtype:trojan-activity;sid:83690242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827141)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.180.190.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827141/; classtype:trojan-activity;sid:83690241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827140)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.122.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827140/; classtype:trojan-activity;sid:83690240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827139)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.248.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827139/; classtype:trojan-activity;sid:83690239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827138)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.150.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827138/; classtype:trojan-activity;sid:83690238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827137)"; flow:established,from_client; content:"GET"; http_method; content:"/data.php"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"svif-venezuela.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827137/; classtype:trojan-activity;sid:83690237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827135)"; flow:established,from_client; content:"GET"; http_method; content:"/data.php"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.131.101.129"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827135/; classtype:trojan-activity;sid:83690235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827136)"; flow:established,from_client; content:"GET"; http_method; content:"/data.php"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"svif-venezuela.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827136/; classtype:trojan-activity;sid:83690236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827134)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"171.37.238.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827134/; classtype:trojan-activity;sid:83690234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827133)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.171.173"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827133/; classtype:trojan-activity;sid:83690233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827132)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.152.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827132/; classtype:trojan-activity;sid:83690232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827131)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.248.61.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827131/; classtype:trojan-activity;sid:83690231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827130)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.180.190.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827130/; classtype:trojan-activity;sid:83690230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827129)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.234.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827129/; classtype:trojan-activity;sid:83690229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827128)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.211.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827128/; classtype:trojan-activity;sid:83690228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827127)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.226.205.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827127/; classtype:trojan-activity;sid:83690227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827126)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.12.158.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827126/; classtype:trojan-activity;sid:83690226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827125)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.122.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827125/; classtype:trojan-activity;sid:83690225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827124)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"223.13.81.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827124/; classtype:trojan-activity;sid:83690224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827123)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"171.37.238.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827123/; classtype:trojan-activity;sid:83690223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827122)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.178.157.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827122/; classtype:trojan-activity;sid:83690222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827121)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.189.245.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827121/; classtype:trojan-activity;sid:83690221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827120)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.149.139.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827120/; classtype:trojan-activity;sid:83690220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827119)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.152.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827119/; classtype:trojan-activity;sid:83690219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827118)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.6.255.238"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827118/; classtype:trojan-activity;sid:83690218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827117)"; flow:established,from_client; content:"GET"; http_method; content:"/doc5294803_668967566|3f|hash=gawr6dbgifhqjuujyeixv2ic99fxyzhotvvlkoeqvvg|7c|26|7c|dl=wz118yc9hyoz9ykrpg5agfszsqq61jftztdzqwqcmdw|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827117/; classtype:trojan-activity;sid:83690217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827116)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"58.47.104.95"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827116/; classtype:trojan-activity;sid:83690216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827115)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.32.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827115/; classtype:trojan-activity;sid:83690215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827114)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.61.32"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827114/; classtype:trojan-activity;sid:83690214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827113)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/xtnhsvjqtxvh"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"pasteio.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827113/; classtype:trojan-activity;sid:83690213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827110)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.236.223.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827110/; classtype:trojan-activity;sid:83690210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827111)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.92.82.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827111/; classtype:trojan-activity;sid:83690211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827112)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.130.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827112/; classtype:trojan-activity;sid:83690212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827109)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"105.157.83.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827109/; classtype:trojan-activity;sid:83690209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827108)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.31.180.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827108/; classtype:trojan-activity;sid:83690208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827107)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.189.245.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827107/; classtype:trojan-activity;sid:83690207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827106)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.180.189.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827106/; classtype:trojan-activity;sid:83690206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827105)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.252.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827105/; classtype:trojan-activity;sid:83690205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827104)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.157.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827104/; classtype:trojan-activity;sid:83690204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827103)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.202.75.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827103/; classtype:trojan-activity;sid:83690203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827102)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.65.23"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827102/; classtype:trojan-activity;sid:83690202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827099)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.58.121.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827099/; classtype:trojan-activity;sid:83690199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827100)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.123.193.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827100/; classtype:trojan-activity;sid:83690200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827101)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.230.148"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827101/; classtype:trojan-activity;sid:83690201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827098)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.38.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827098/; classtype:trojan-activity;sid:83690198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827097)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.198.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827097/; classtype:trojan-activity;sid:83690197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827096)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.156.33.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827096/; classtype:trojan-activity;sid:83690196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827095)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.130.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827095/; classtype:trojan-activity;sid:83690195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827094)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.173.52.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827094/; classtype:trojan-activity;sid:83690194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827093)"; flow:established,from_client; content:"GET"; http_method; content:"/softbot.mpsl"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"45.142.182.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827093/; classtype:trojan-activity;sid:83690193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827092)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.180.189.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827092/; classtype:trojan-activity;sid:83690192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827091)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.42.27.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827091/; classtype:trojan-activity;sid:83690191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827090)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.246.110.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827090/; classtype:trojan-activity;sid:83690190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827089)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.205.128"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827089/; classtype:trojan-activity;sid:83690189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827087)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.172.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827087/; classtype:trojan-activity;sid:83690187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827088)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.38.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827088/; classtype:trojan-activity;sid:83690188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827086)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.123.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827086/; classtype:trojan-activity;sid:83690186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827085)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.90.88.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827085/; classtype:trojan-activity;sid:83690185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827084)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.212.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827084/; classtype:trojan-activity;sid:83690184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827083)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.8.213"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827083/; classtype:trojan-activity;sid:83690183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827082)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.84.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827082/; classtype:trojan-activity;sid:83690182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827081)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.253.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827081/; classtype:trojan-activity;sid:83690181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827080)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.103.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827080/; classtype:trojan-activity;sid:83690180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827079)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.81.56.34"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827079/; classtype:trojan-activity;sid:83690179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827078)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.70.137.193"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827078/; classtype:trojan-activity;sid:83690178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827077)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.36.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827077/; classtype:trojan-activity;sid:83690177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827074)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.180.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827074/; classtype:trojan-activity;sid:83690174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827075)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.172.239"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827075/; classtype:trojan-activity;sid:83690175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827076)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.181.91"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827076/; classtype:trojan-activity;sid:83690176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827073)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.216.71.59"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827073/; classtype:trojan-activity;sid:83690173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827071)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.134.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827071/; classtype:trojan-activity;sid:83690171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827072)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.46.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827072/; classtype:trojan-activity;sid:83690172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827070)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.49.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827070/; classtype:trojan-activity;sid:83690170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827069)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.84.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827069/; classtype:trojan-activity;sid:83690169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827068)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.123.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827068/; classtype:trojan-activity;sid:83690168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827067)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.17.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827067/; classtype:trojan-activity;sid:83690167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827066)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.207.155.132"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827066/; classtype:trojan-activity;sid:83690166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827065)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.56.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827065/; classtype:trojan-activity;sid:83690165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827064)"; flow:established,from_client; content:"GET"; http_method; content:"/gavno/nikto.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"193.233.132.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827064/; classtype:trojan-activity;sid:83690164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827063)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.195.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827063/; classtype:trojan-activity;sid:83690163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827062)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.90.88.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827062/; classtype:trojan-activity;sid:83690162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827061)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.137.193"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827061/; classtype:trojan-activity;sid:83690161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827060)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.8.213"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827060/; classtype:trojan-activity;sid:83690160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827059)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.81.56.34"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827059/; classtype:trojan-activity;sid:83690159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827058)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.228.96.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827058/; classtype:trojan-activity;sid:83690158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827057)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.216.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827057/; classtype:trojan-activity;sid:83690157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827056)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.11.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827056/; classtype:trojan-activity;sid:83690156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827055)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.49.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827055/; classtype:trojan-activity;sid:83690155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827054)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.187.64.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827054/; classtype:trojan-activity;sid:83690154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827053)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.218.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827053/; classtype:trojan-activity;sid:83690153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827052)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.247.160.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827052/; classtype:trojan-activity;sid:83690152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827051)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.58.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827051/; classtype:trojan-activity;sid:83690151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827050)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.76.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827050/; classtype:trojan-activity;sid:83690150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827049)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.78.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827049/; classtype:trojan-activity;sid:83690149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827048)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.181.75.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827048/; classtype:trojan-activity;sid:83690148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827047)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.194.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827047/; classtype:trojan-activity;sid:83690147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827046)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.191.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827046/; classtype:trojan-activity;sid:83690146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827045)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.6.207"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827045/; classtype:trojan-activity;sid:83690145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827044)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.85.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827044/; classtype:trojan-activity;sid:83690144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827043)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.32.198.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827043/; classtype:trojan-activity;sid:83690143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827042)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.107.37.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827042/; classtype:trojan-activity;sid:83690142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827041)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.113.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827041/; classtype:trojan-activity;sid:83690141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827040)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.109.73.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827040/; classtype:trojan-activity;sid:83690140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827039)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.10.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827039/; classtype:trojan-activity;sid:83690139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827038)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.84.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827038/; classtype:trojan-activity;sid:83690138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827036)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.47.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827036/; classtype:trojan-activity;sid:83690136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827037)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.147.18.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827037/; classtype:trojan-activity;sid:83690137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827034)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.198.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827034/; classtype:trojan-activity;sid:83690134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827035)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.208.232.133"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827035/; classtype:trojan-activity;sid:83690135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827033)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.6.192.209"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827033/; classtype:trojan-activity;sid:83690133; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827032)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.172.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827032/; classtype:trojan-activity;sid:83690132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827031)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.247.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827031/; classtype:trojan-activity;sid:83690131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827030)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.216.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827030/; classtype:trojan-activity;sid:83690130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827029)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.143.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827029/; classtype:trojan-activity;sid:83690129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827028)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.173.4.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827028/; classtype:trojan-activity;sid:83690128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827027)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.126.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827027/; classtype:trojan-activity;sid:83690127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827026)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.194.57.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827026/; classtype:trojan-activity;sid:83690126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827025)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.186.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827025/; classtype:trojan-activity;sid:83690125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827024)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.78.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827024/; classtype:trojan-activity;sid:83690124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827023)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.255.160"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827023/; classtype:trojan-activity;sid:83690123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827022)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.233.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827022/; classtype:trojan-activity;sid:83690122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827021)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.11.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827021/; classtype:trojan-activity;sid:83690121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827020)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.11.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827020/; classtype:trojan-activity;sid:83690120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827019)"; flow:established,from_client; content:"GET"; http_method; content:"/doc5294803_668971870|3f|hash=jqvzooj71utv7xazppp7quv9ro4s8bspxv7ilhgxi1t|7c|26|7c|dl=km1tydwgfxjarz3op78hjystbbvkjy03z57rjcfcyoz|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827019/; classtype:trojan-activity;sid:83690119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827018)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.189.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827018/; classtype:trojan-activity;sid:83690118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827017)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.117.172.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827017/; classtype:trojan-activity;sid:83690117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827016)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.247.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827016/; classtype:trojan-activity;sid:83690116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827015)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.1.224.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827015/; classtype:trojan-activity;sid:83690115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827014)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.138.255.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827014/; classtype:trojan-activity;sid:83690114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827013)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.198.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827013/; classtype:trojan-activity;sid:83690113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827012)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.203.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827012/; classtype:trojan-activity;sid:83690112; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827011)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.98.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827011/; classtype:trojan-activity;sid:83690111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827010)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.251.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827010/; classtype:trojan-activity;sid:83690110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827009)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.179.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827009/; classtype:trojan-activity;sid:83690109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827008)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.209.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827008/; classtype:trojan-activity;sid:83690108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827007)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.204.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827007/; classtype:trojan-activity;sid:83690107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827006)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.202.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827006/; classtype:trojan-activity;sid:83690106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827005)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.34.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827005/; classtype:trojan-activity;sid:83690105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827004)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.10.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827004/; classtype:trojan-activity;sid:83690104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827003)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.4.102.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827003/; classtype:trojan-activity;sid:83690103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827002)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.198.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827002/; classtype:trojan-activity;sid:83690102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827001)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"164.163.25.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827001/; classtype:trojan-activity;sid:83690101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2827000)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.121.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2827000/; classtype:trojan-activity;sid:83690100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826999)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.180.181.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826999/; classtype:trojan-activity;sid:83690099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826998)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.92.82.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826998/; classtype:trojan-activity;sid:83690098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826997)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.221.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826997/; classtype:trojan-activity;sid:83690097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826996)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.197.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826996/; classtype:trojan-activity;sid:83690096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826995)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.63.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826995/; classtype:trojan-activity;sid:83690095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826994)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.56.105"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826994/; classtype:trojan-activity;sid:83690094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826993)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.57.161.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826993/; classtype:trojan-activity;sid:83690093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826992)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.41.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826992/; classtype:trojan-activity;sid:83690092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826991)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.179.171"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826991/; classtype:trojan-activity;sid:83690091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826990)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.103.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826990/; classtype:trojan-activity;sid:83690090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826988)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.211.69.67"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826988/; classtype:trojan-activity;sid:83690088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826989)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.243.246.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826989/; classtype:trojan-activity;sid:83690089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826987)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.205.58.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826987/; classtype:trojan-activity;sid:83690087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826986)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.90.149.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826986/; classtype:trojan-activity;sid:83690086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826985)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.6.238.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826985/; classtype:trojan-activity;sid:83690085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826984)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.6.238.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826984/; classtype:trojan-activity;sid:83690084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826983)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.57.161.110"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826983/; classtype:trojan-activity;sid:83690083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826982)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.121.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826982/; classtype:trojan-activity;sid:83690082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826981)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.63.205"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826981/; classtype:trojan-activity;sid:83690081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826980)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.92.82.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826980/; classtype:trojan-activity;sid:83690080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826979)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.52.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826979/; classtype:trojan-activity;sid:83690079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826978)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.81.14"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826978/; classtype:trojan-activity;sid:83690078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826977)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.152.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826977/; classtype:trojan-activity;sid:83690077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826976)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.14.162.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826976/; classtype:trojan-activity;sid:83690076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826975)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.10.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826975/; classtype:trojan-activity;sid:83690075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826972)"; flow:established,from_client; content:"GET"; http_method; content:"/condi/bot.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"91.92.240.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826972/; classtype:trojan-activity;sid:83690072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826973)"; flow:established,from_client; content:"GET"; http_method; content:"/condi/bot.x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"91.92.240.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826973/; classtype:trojan-activity;sid:83690073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826974)"; flow:established,from_client; content:"GET"; http_method; content:"/condi/bot.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"91.92.240.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826974/; classtype:trojan-activity;sid:83690074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826967)"; flow:established,from_client; content:"GET"; http_method; content:"/condi/bot.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"91.92.240.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826967/; classtype:trojan-activity;sid:83690067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826968)"; flow:established,from_client; content:"GET"; http_method; content:"/condi/bot.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91.92.240.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826968/; classtype:trojan-activity;sid:83690068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826969)"; flow:established,from_client; content:"GET"; http_method; content:"/condi/bot.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"91.92.240.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826969/; classtype:trojan-activity;sid:83690069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826970)"; flow:established,from_client; content:"GET"; http_method; content:"/condi/bot.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91.92.240.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826970/; classtype:trojan-activity;sid:83690070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826971)"; flow:established,from_client; content:"GET"; http_method; content:"/condi/bot.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"91.92.240.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826971/; classtype:trojan-activity;sid:83690071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826965)"; flow:established,from_client; content:"GET"; http_method; content:"/condi/bot.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91.92.240.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826965/; classtype:trojan-activity;sid:83690065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826966)"; flow:established,from_client; content:"GET"; http_method; content:"/condi/bot.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"91.92.240.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826966/; classtype:trojan-activity;sid:83690066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826964)"; flow:established,from_client; content:"GET"; http_method; content:"/files/advancedipscanner.msix"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"138.124.180.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826964/; classtype:trojan-activity;sid:83690064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826963)"; flow:established,from_client; content:"GET"; http_method; content:"/files/advancedipscanner.msix"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"cdn43.space"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826963/; classtype:trojan-activity;sid:83690063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826961)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.38.123.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826961/; classtype:trojan-activity;sid:83690061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826962)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.202.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826962/; classtype:trojan-activity;sid:83690062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826960)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fi/nwxqjh2y65y3zt35dymns/crack_installer_v5.8.zip|3f|rlkey=uv25ardxrjdbfusuzeccellen|7c|26|7c|dl=1"; http_uri; depth:103; isdataat:!1,relative; nocase; content:"www.dropbox.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826960/; classtype:trojan-activity;sid:83690060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826959)"; flow:established,from_client; content:"GET"; http_method; content:"/files/advancedipscanner.msix"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"138.124.180.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826959/; classtype:trojan-activity;sid:83690059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826956)"; flow:established,from_client; content:"GET"; http_method; content:"/files/netsupport43.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"138.124.180.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826956/; classtype:trojan-activity;sid:83690056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826957)"; flow:established,from_client; content:"GET"; http_method; content:"/setup.rar"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"vaezmod.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826957/; classtype:trojan-activity;sid:83690057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826958)"; flow:established,from_client; content:"GET"; http_method; content:"/files/netsupport43.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"cdn43.space"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826958/; classtype:trojan-activity;sid:83690058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826955)"; flow:established,from_client; content:"GET"; http_method; content:"/files/netsupport43.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"138.124.180.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826955/; classtype:trojan-activity;sid:83690055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826954)"; flow:established,from_client; content:"GET"; http_method; content:"/condi/bot.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"91.92.240.43"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826954/; classtype:trojan-activity;sid:83690054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826952)"; flow:established,from_client; content:"GET"; http_method; content:"/cbztwxtoizdmwg3z7zzza6co7kz2zzhm5zkzl3gckzh4zy8zejz1lze4znrzzfzg8zyrz0zzkfzuzepz44zjpbb0zdcv8pslwbvf6iirafpps0shnosh7/foruncher_1.4.0.6.zip"; http_uri; depth:140; isdataat:!1,relative; nocase; content:"p-lux1.pcloud.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826952/; classtype:trojan-activity;sid:83690052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826953)"; flow:established,from_client; content:"GET"; http_method; content:"/.test.m68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"91.92.243.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826953/; classtype:trojan-activity;sid:83690053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826951)"; flow:established,from_client; content:"GET"; http_method; content:"/iv.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"94.156.79.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826951/; classtype:trojan-activity;sid:83690051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826950)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.184.51.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826950/; classtype:trojan-activity;sid:83690050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826949)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.243.246.251"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826949/; classtype:trojan-activity;sid:83690049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826948)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.136.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826948/; classtype:trojan-activity;sid:83690048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826947)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.41.107"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826947/; classtype:trojan-activity;sid:83690047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826946)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.68.198"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826946/; classtype:trojan-activity;sid:83690046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826945)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.233.89.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826945/; classtype:trojan-activity;sid:83690045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826944)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.155.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826944/; classtype:trojan-activity;sid:83690044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826943)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.81.14"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826943/; classtype:trojan-activity;sid:83690043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826942)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"164.163.25.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826942/; classtype:trojan-activity;sid:83690042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826941)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.192.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826941/; classtype:trojan-activity;sid:83690041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826940)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.37.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826940/; classtype:trojan-activity;sid:83690040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826939)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.55.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826939/; classtype:trojan-activity;sid:83690039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826938)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"24.53.172.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826938/; classtype:trojan-activity;sid:83690038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826937)"; flow:established,from_client; content:"GET"; http_method; content:"/curl-amd64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"195.123.226.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826937/; classtype:trojan-activity;sid:83690037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826936)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.184.51.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826936/; classtype:trojan-activity;sid:83690036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826935)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.38.123.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826935/; classtype:trojan-activity;sid:83690035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826932)"; flow:established,from_client; content:"GET"; http_method; content:"/w.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.123.226.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826932/; classtype:trojan-activity;sid:83690032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826933)"; flow:established,from_client; content:"GET"; http_method; content:"/tf.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"195.123.226.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826933/; classtype:trojan-activity;sid:83690033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826934)"; flow:established,from_client; content:"GET"; http_method; content:"/lh.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"195.123.226.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826934/; classtype:trojan-activity;sid:83690034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826929)"; flow:established,from_client; content:"GET"; http_method; content:"/d.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.123.226.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826929/; classtype:trojan-activity;sid:83690029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826930)"; flow:established,from_client; content:"GET"; http_method; content:"/a.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.123.226.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826930/; classtype:trojan-activity;sid:83690030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826931)"; flow:established,from_client; content:"GET"; http_method; content:"/c.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"195.123.226.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826931/; classtype:trojan-activity;sid:83690031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826928)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.141.227.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826928/; classtype:trojan-activity;sid:83690028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826927)"; flow:established,from_client; content:"GET"; http_method; content:"/doc5294803_668963670|3f|hash=vyo83cyjarz9zpkgn3k5itb7zotsnjnnday7bgh4oyc|7c|26|7c|dl=ndifu6fs1h4zfuwzizkwh7txspbzr7dtwmnhnzmlmuz|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826927/; classtype:trojan-activity;sid:83690027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826926)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.79.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826926/; classtype:trojan-activity;sid:83690026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826925)"; flow:established,from_client; content:"GET"; http_method; content:"/libsystem.so"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"195.123.226.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826925/; classtype:trojan-activity;sid:83690025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826923)"; flow:established,from_client; content:"GET"; http_method; content:"/ex.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"195.123.226.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826923/; classtype:trojan-activity;sid:83690023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826924)"; flow:established,from_client; content:"GET"; http_method; content:"/kinsing"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"195.123.226.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826924/; classtype:trojan-activity;sid:83690024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826922)"; flow:established,from_client; content:"GET"; http_method; content:"/kinsing_aarch64"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"195.123.226.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826922/; classtype:trojan-activity;sid:83690022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826920)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.221.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826920/; classtype:trojan-activity;sid:83690020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826921)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.225.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826921/; classtype:trojan-activity;sid:83690021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826919)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.237.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826919/; classtype:trojan-activity;sid:83690019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826918)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.197.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826918/; classtype:trojan-activity;sid:83690018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826917)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.136.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826917/; classtype:trojan-activity;sid:83690017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826915)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.142.251.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826915/; classtype:trojan-activity;sid:83690015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826916)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.67.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826916/; classtype:trojan-activity;sid:83690016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826914)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"164.163.25.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826914/; classtype:trojan-activity;sid:83690014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826913)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.197.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826913/; classtype:trojan-activity;sid:83690013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826912)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"178.141.227.103"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826912/; classtype:trojan-activity;sid:83690012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826910)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.182.182.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826910/; classtype:trojan-activity;sid:83690010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826911)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.132.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826911/; classtype:trojan-activity;sid:83690011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826909)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.57.212.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826909/; classtype:trojan-activity;sid:83690009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826908)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.164.229.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826908/; classtype:trojan-activity;sid:83690008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826907)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.180.96.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826907/; classtype:trojan-activity;sid:83690007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826906)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.197.245"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826906/; classtype:trojan-activity;sid:83690006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826905)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.233.89.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826905/; classtype:trojan-activity;sid:83690005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826904)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.205.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826904/; classtype:trojan-activity;sid:83690004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826903)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.67.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826903/; classtype:trojan-activity;sid:83690003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826902)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.56.145.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826902/; classtype:trojan-activity;sid:83690002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826901)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.177.105.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826901/; classtype:trojan-activity;sid:83690001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826900)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.253.118.70"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826900/; classtype:trojan-activity;sid:83690000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826899)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.181.75.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826899/; classtype:trojan-activity;sid:83689999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826898)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.32.172.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826898/; classtype:trojan-activity;sid:83689998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826897)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.202.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826897/; classtype:trojan-activity;sid:83689997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826896)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.204.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826896/; classtype:trojan-activity;sid:83689996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826894)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.197.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826894/; classtype:trojan-activity;sid:83689994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826895)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.205.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826895/; classtype:trojan-activity;sid:83689995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826893)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.181.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826893/; classtype:trojan-activity;sid:83689993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826892)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.56.2.136"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826892/; classtype:trojan-activity;sid:83689992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826891)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.237.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826891/; classtype:trojan-activity;sid:83689991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826889)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.251.169"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826889/; classtype:trojan-activity;sid:83689989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826890)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.222.237.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826890/; classtype:trojan-activity;sid:83689990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826888)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"24.152.49.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826888/; classtype:trojan-activity;sid:83689988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826887)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.43.111.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826887/; classtype:trojan-activity;sid:83689987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826886)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.82.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826886/; classtype:trojan-activity;sid:83689986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826885)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/f7c4dqk3"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826885/; classtype:trojan-activity;sid:83689985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826884)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.57.116.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826884/; classtype:trojan-activity;sid:83689984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826883)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.79.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826883/; classtype:trojan-activity;sid:83689983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826882)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.132.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826882/; classtype:trojan-activity;sid:83689982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826881)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.182.182.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826881/; classtype:trojan-activity;sid:83689981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826880)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/x83tekpwqurv"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"pasteio.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826880/; classtype:trojan-activity;sid:83689980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826879)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.193.23"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826879/; classtype:trojan-activity;sid:83689979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826878)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.180.96.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826878/; classtype:trojan-activity;sid:83689978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826877)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.252.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826877/; classtype:trojan-activity;sid:83689977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826876)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.225.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826876/; classtype:trojan-activity;sid:83689976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826875)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.82.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826875/; classtype:trojan-activity;sid:83689975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826874)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.56.145.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826874/; classtype:trojan-activity;sid:83689974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826873)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.251.66.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826873/; classtype:trojan-activity;sid:83689973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826872)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.211.137.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826872/; classtype:trojan-activity;sid:83689972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826871)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.43.111.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826871/; classtype:trojan-activity;sid:83689971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826870)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.57.116.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826870/; classtype:trojan-activity;sid:83689970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826869)"; flow:established,from_client; content:"GET"; http_method; content:"/doc5294803_668920073|3f|hash=z7lx18povcrdxrs7btnvzrlnszx4xcaqves7r9ew87o|7c|26|7c|dl=2w0xo8mbsxiz7rn3jjzstlnhdjysrv1gf7hp70wugzg|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826869/; classtype:trojan-activity;sid:83689969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826868)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.79.188.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826868/; classtype:trojan-activity;sid:83689968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826867)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.40.181"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826867/; classtype:trojan-activity;sid:83689967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826865)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.45.48.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826865/; classtype:trojan-activity;sid:83689965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826866)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.196.36.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826866/; classtype:trojan-activity;sid:83689966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826864)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.99.147.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826864/; classtype:trojan-activity;sid:83689964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826863)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.181.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826863/; classtype:trojan-activity;sid:83689963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826862)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.180.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826862/; classtype:trojan-activity;sid:83689962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826861)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.189.42.183"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826861/; classtype:trojan-activity;sid:83689961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826860)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.220.105.133"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826860/; classtype:trojan-activity;sid:83689960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826859)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.225.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826859/; classtype:trojan-activity;sid:83689959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826858)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.117.12.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826858/; classtype:trojan-activity;sid:83689958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826857)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.6.76"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826857/; classtype:trojan-activity;sid:83689957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826856)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.211.137.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826856/; classtype:trojan-activity;sid:83689956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826843)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"95.164.63.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826843/; classtype:trojan-activity;sid:83689943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826844)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"95.164.63.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826844/; classtype:trojan-activity;sid:83689944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826845)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"95.164.63.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826845/; classtype:trojan-activity;sid:83689945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826846)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.164.63.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826846/; classtype:trojan-activity;sid:83689946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826847)"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"95.164.63.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826847/; classtype:trojan-activity;sid:83689947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826848)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"95.164.63.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826848/; classtype:trojan-activity;sid:83689948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826849)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"95.164.63.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826849/; classtype:trojan-activity;sid:83689949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826850)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"95.164.63.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826850/; classtype:trojan-activity;sid:83689950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826851)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"95.164.63.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826851/; classtype:trojan-activity;sid:83689951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826852)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"95.164.63.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826852/; classtype:trojan-activity;sid:83689952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826853)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"95.164.63.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826853/; classtype:trojan-activity;sid:83689953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826854)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"95.164.63.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826854/; classtype:trojan-activity;sid:83689954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826855)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"95.164.63.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826855/; classtype:trojan-activity;sid:83689955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826842)"; flow:established,from_client; content:"GET"; http_method; content:"/main"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"114.134.189.60"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826842/; classtype:trojan-activity;sid:83689942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826838)"; flow:established,from_client; content:"GET"; http_method; content:"/main"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"23.224.227.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826838/; classtype:trojan-activity;sid:83689938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826839)"; flow:established,from_client; content:"GET"; http_method; content:"/main"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"23.224.227.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826839/; classtype:trojan-activity;sid:83689939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826840)"; flow:established,from_client; content:"GET"; http_method; content:"/main"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"23.224.227.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826840/; classtype:trojan-activity;sid:83689940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826841)"; flow:established,from_client; content:"GET"; http_method; content:"/main"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"23.224.227.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826841/; classtype:trojan-activity;sid:83689941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826837)"; flow:established,from_client; content:"GET"; http_method; content:"/m-p.s-l.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"94.156.8.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826837/; classtype:trojan-activity;sid:83689937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826836)"; flow:established,from_client; content:"GET"; http_method; content:"/s-h.4-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"94.156.8.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826836/; classtype:trojan-activity;sid:83689936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826834)"; flow:established,from_client; content:"GET"; http_method; content:"/x-3.2-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"94.156.8.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826834/; classtype:trojan-activity;sid:83689934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826835)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-4.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"94.156.8.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826835/; classtype:trojan-activity;sid:83689935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826833)"; flow:established,from_client; content:"GET"; http_method; content:"/i-5.8-6.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"94.156.8.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826833/; classtype:trojan-activity;sid:83689933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826830)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-7.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"94.156.8.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826830/; classtype:trojan-activity;sid:83689930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826831)"; flow:established,from_client; content:"GET"; http_method; content:"/p-p.c-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"94.156.8.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826831/; classtype:trojan-activity;sid:83689931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826832)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-6.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"94.156.8.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826832/; classtype:trojan-activity;sid:83689932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826828)"; flow:established,from_client; content:"GET"; http_method; content:"/x-8.6-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"94.156.8.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826828/; classtype:trojan-activity;sid:83689928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826829)"; flow:established,from_client; content:"GET"; http_method; content:"/m-i.p-s.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"94.156.8.9"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826829/; classtype:trojan-activity;sid:83689929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826827)"; flow:established,from_client; content:"GET"; http_method; content:"/.ssh4"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"95.169.196.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826827/; classtype:trojan-activity;sid:83689927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826825)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"89.185.30.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826825/; classtype:trojan-activity;sid:83689925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826826)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bot.qngxgw.eu.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826826/; classtype:trojan-activity;sid:83689926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826822)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bot.qngxgw.eu.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826822/; classtype:trojan-activity;sid:83689922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826823)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"bot.qngxgw.eu.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826823/; classtype:trojan-activity;sid:83689923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826824)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bot.qngxgw.eu.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826824/; classtype:trojan-activity;sid:83689924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826817)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"89.185.30.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826817/; classtype:trojan-activity;sid:83689917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826818)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bot.qngxgw.eu.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826818/; classtype:trojan-activity;sid:83689918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826819)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"89.185.30.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826819/; classtype:trojan-activity;sid:83689919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826820)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bot.qngxgw.eu.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826820/; classtype:trojan-activity;sid:83689920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826821)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"89.185.30.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826821/; classtype:trojan-activity;sid:83689921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826816)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bot.qngxgw.eu.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826816/; classtype:trojan-activity;sid:83689916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826815)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"89.185.30.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826815/; classtype:trojan-activity;sid:83689915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826811)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bot.qngxgw.eu.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826811/; classtype:trojan-activity;sid:83689911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826812)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bot.qngxgw.eu.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826812/; classtype:trojan-activity;sid:83689912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826813)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.spc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bot.qngxgw.eu.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826813/; classtype:trojan-activity;sid:83689913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826814)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"bot.qngxgw.eu.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826814/; classtype:trojan-activity;sid:83689914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826809)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"89.185.30.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826809/; classtype:trojan-activity;sid:83689909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826810)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"bot.qngxgw.eu.org"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826810/; classtype:trojan-activity;sid:83689910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826803)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"89.185.30.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826803/; classtype:trojan-activity;sid:83689903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826804)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"89.185.30.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826804/; classtype:trojan-activity;sid:83689904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826805)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"89.185.30.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826805/; classtype:trojan-activity;sid:83689905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826806)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.spc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"89.185.30.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826806/; classtype:trojan-activity;sid:83689906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826807)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"89.185.30.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826807/; classtype:trojan-activity;sid:83689907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826808)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"89.185.30.66"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826808/; classtype:trojan-activity;sid:83689908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826802)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.45.48.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826802/; classtype:trojan-activity;sid:83689902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826801)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.227.25"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826801/; classtype:trojan-activity;sid:83689901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826800)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.6.243.150"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826800/; classtype:trojan-activity;sid:83689900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826798)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.46.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826798/; classtype:trojan-activity;sid:83689898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826799)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.10.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826799/; classtype:trojan-activity;sid:83689899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826797)"; flow:established,from_client; content:"GET"; http_method; content:"/jdsfl.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"91.92.243.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826797/; classtype:trojan-activity;sid:83689897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826796)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.36.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826796/; classtype:trojan-activity;sid:83689896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826795)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.228.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826795/; classtype:trojan-activity;sid:83689895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826793)"; flow:established,from_client; content:"GET"; http_method; content:"/editcontent"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"iaue.anesthetics.biomedzglobal.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826793/; classtype:trojan-activity;sid:83689893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826794)"; flow:established,from_client; content:"GET"; http_method; content:"/editcontent"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"bxs.anesthetics.biomedzglobal.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826794/; classtype:trojan-activity;sid:83689894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826792)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.140.123.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826792/; classtype:trojan-activity;sid:83689892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826791)"; flow:established,from_client; content:"GET"; http_method; content:"/.test.mpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"91.92.243.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826791/; classtype:trojan-activity;sid:83689891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826789)"; flow:established,from_client; content:"GET"; http_method; content:"/.test.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"91.92.243.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826789/; classtype:trojan-activity;sid:83689889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826790)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.133.55"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826790/; classtype:trojan-activity;sid:83689890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826782)"; flow:established,from_client; content:"GET"; http_method; content:"/.test.sh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"91.92.243.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826782/; classtype:trojan-activity;sid:83689882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826783)"; flow:established,from_client; content:"GET"; http_method; content:"/.test.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"91.92.243.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826783/; classtype:trojan-activity;sid:83689883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826784)"; flow:established,from_client; content:"GET"; http_method; content:"/.test.ppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"91.92.243.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826784/; classtype:trojan-activity;sid:83689884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826785)"; flow:established,from_client; content:"GET"; http_method; content:"/.test.arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"91.92.243.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826785/; classtype:trojan-activity;sid:83689885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826786)"; flow:established,from_client; content:"GET"; http_method; content:"/.test.arm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"91.92.243.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826786/; classtype:trojan-activity;sid:83689886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826787)"; flow:established,from_client; content:"GET"; http_method; content:"/.test.arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"91.92.243.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826787/; classtype:trojan-activity;sid:83689887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826788)"; flow:established,from_client; content:"GET"; http_method; content:"/.test.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"91.92.243.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826788/; classtype:trojan-activity;sid:83689888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826781)"; flow:established,from_client; content:"GET"; http_method; content:"/.test.arc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"91.92.243.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826781/; classtype:trojan-activity;sid:83689881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826776)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.154.172.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826776/; classtype:trojan-activity;sid:83689876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826777)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"94.154.172.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826777/; classtype:trojan-activity;sid:83689877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826778)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.154.172.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826778/; classtype:trojan-activity;sid:83689878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826779)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.154.172.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826779/; classtype:trojan-activity;sid:83689879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826780)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.154.172.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826780/; classtype:trojan-activity;sid:83689880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826775)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.154.172.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826775/; classtype:trojan-activity;sid:83689875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826767)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.206.191.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826767/; classtype:trojan-activity;sid:83689867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826768)"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.154.172.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826768/; classtype:trojan-activity;sid:83689868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826769)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"94.154.172.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826769/; classtype:trojan-activity;sid:83689869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826770)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.154.172.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826770/; classtype:trojan-activity;sid:83689870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826771)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.154.172.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826771/; classtype:trojan-activity;sid:83689871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826772)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"94.154.172.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826772/; classtype:trojan-activity;sid:83689872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826773)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.22.238.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826773/; classtype:trojan-activity;sid:83689873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826774)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"94.154.172.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826774/; classtype:trojan-activity;sid:83689874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826764)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.154.172.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826764/; classtype:trojan-activity;sid:83689864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826765)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"94.154.172.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826765/; classtype:trojan-activity;sid:83689865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826766)"; flow:established,from_client; content:"GET"; http_method; content:"/r"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.154.172.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826766/; classtype:trojan-activity;sid:83689866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826763)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.198.180"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826763/; classtype:trojan-activity;sid:83689863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826762)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.206.191.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826762/; classtype:trojan-activity;sid:83689862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826761)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.117.12.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826761/; classtype:trojan-activity;sid:83689861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826760)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.49.72.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826760/; classtype:trojan-activity;sid:83689860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826759)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.199.72.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826759/; classtype:trojan-activity;sid:83689859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826758)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.92.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826758/; classtype:trojan-activity;sid:83689858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826757)"; flow:established,from_client; content:"GET"; http_method; content:"/doc5294803_668970097|3f|hash=pgjlcumcdrplgyv4zjeyioi64dzahbljb7h3r1s4ixw|7c|26|7c|dl=3vwyibbuzxf5evxnrwcgbiu7rvkznddcr6v8zzejlap|7c|26|7c|api=1|7c|26|7c|no_preview=1"; http_uri; depth:166; isdataat:!1,relative; nocase; content:"vk.com"; http_host; depth:6; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826757/; classtype:trojan-activity;sid:83689857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826756)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.193.108"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826756/; classtype:trojan-activity;sid:83689856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826755)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.167.37.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826755/; classtype:trojan-activity;sid:83689855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826754)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.125.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826754/; classtype:trojan-activity;sid:83689854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826753)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.144.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826753/; classtype:trojan-activity;sid:83689853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826752)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.123.71.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826752/; classtype:trojan-activity;sid:83689852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826751)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"24.53.172.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826751/; classtype:trojan-activity;sid:83689851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826747)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.88.90.46"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826747/; classtype:trojan-activity;sid:83689847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826748)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.88.90.46"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826748/; classtype:trojan-activity;sid:83689848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826749)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"45.88.90.46"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826749/; classtype:trojan-activity;sid:83689849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826750)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.88.90.46"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826750/; classtype:trojan-activity;sid:83689850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826746)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.88.90.46"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826746/; classtype:trojan-activity;sid:83689846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826743)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.94.97"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826743/; classtype:trojan-activity;sid:83689843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826744)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.88.90.46"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826744/; classtype:trojan-activity;sid:83689844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826745)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.88.90.46"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826745/; classtype:trojan-activity;sid:83689845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826739)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.88.90.46"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826739/; classtype:trojan-activity;sid:83689839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826740)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.88.90.46"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826740/; classtype:trojan-activity;sid:83689840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826741)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.88.90.46"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826741/; classtype:trojan-activity;sid:83689841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826742)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.88.90.46"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826742/; classtype:trojan-activity;sid:83689842; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826738)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.22.238.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826738/; classtype:trojan-activity;sid:83689838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826736)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.211.45.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826736/; classtype:trojan-activity;sid:83689836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826737)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.72.113"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826737/; classtype:trojan-activity;sid:83689837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826735)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.92.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826735/; classtype:trojan-activity;sid:83689835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826733)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.154.172.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826733/; classtype:trojan-activity;sid:83689833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826734)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"223.13.85.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826734/; classtype:trojan-activity;sid:83689834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826732)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.209.22.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826732/; classtype:trojan-activity;sid:83689832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826731)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.2.161.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826731/; classtype:trojan-activity;sid:83689831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826730)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.35.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826730/; classtype:trojan-activity;sid:83689830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826728)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.26.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826728/; classtype:trojan-activity;sid:83689828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826729)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.22.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826729/; classtype:trojan-activity;sid:83689829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826727)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.215.249.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826727/; classtype:trojan-activity;sid:83689827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826726)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.233.161.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826726/; classtype:trojan-activity;sid:83689826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826725)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.221.97.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826725/; classtype:trojan-activity;sid:83689825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826724)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.24.184"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826724/; classtype:trojan-activity;sid:83689824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826723)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"66.23.158.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826723/; classtype:trojan-activity;sid:83689823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826722)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.121.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826722/; classtype:trojan-activity;sid:83689822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826721)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.211.45.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826721/; classtype:trojan-activity;sid:83689821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826720)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.199.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826720/; classtype:trojan-activity;sid:83689820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826719)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.22.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826719/; classtype:trojan-activity;sid:83689819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826718)"; flow:established,from_client; content:"GET"; http_method; content:"/editcontent"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"lvh.anesthetics.biomedzglobal.com"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826718/; classtype:trojan-activity;sid:83689818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826717)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.227.236.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826717/; classtype:trojan-activity;sid:83689817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826716)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.78.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826716/; classtype:trojan-activity;sid:83689816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826715)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.105.221"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826715/; classtype:trojan-activity;sid:83689815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826714)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.233.161.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826714/; classtype:trojan-activity;sid:83689814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826713)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.46.246.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826713/; classtype:trojan-activity;sid:83689813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826712)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.199.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826712/; classtype:trojan-activity;sid:83689812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826711)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.24.184"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826711/; classtype:trojan-activity;sid:83689811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826710)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.112.101.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826710/; classtype:trojan-activity;sid:83689810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826709)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.121.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826709/; classtype:trojan-activity;sid:83689809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826708)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.207.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826708/; classtype:trojan-activity;sid:83689808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826707)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.209.208.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826707/; classtype:trojan-activity;sid:83689807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826706)"; flow:established,from_client; content:"GET"; http_method; content:"/sh"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.92.243.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826706/; classtype:trojan-activity;sid:83689806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826705)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.14.46.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826705/; classtype:trojan-activity;sid:83689805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826704)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.227.236.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826704/; classtype:trojan-activity;sid:83689804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826703)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.130.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826703/; classtype:trojan-activity;sid:83689803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826702)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.24.36.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826702/; classtype:trojan-activity;sid:83689802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826701)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.70.147"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826701/; classtype:trojan-activity;sid:83689801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826700)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.171.253.88"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826700/; classtype:trojan-activity;sid:83689800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826699)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.78.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826699/; classtype:trojan-activity;sid:83689799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826698)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.182.255.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826698/; classtype:trojan-activity;sid:83689798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826697)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.97.196.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826697/; classtype:trojan-activity;sid:83689797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826696)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.112.101.117"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826696/; classtype:trojan-activity;sid:83689796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826695)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.94.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826695/; classtype:trojan-activity;sid:83689795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826694)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.124.39"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826694/; classtype:trojan-activity;sid:83689794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826693)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.57.17.231"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826693/; classtype:trojan-activity;sid:83689793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826692)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.34.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826692/; classtype:trojan-activity;sid:83689792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826691)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.46.246.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826691/; classtype:trojan-activity;sid:83689791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826690)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.201.15.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826690/; classtype:trojan-activity;sid:83689790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826689)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"194.15.113.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826689/; classtype:trojan-activity;sid:83689789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826688)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.124.41.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826688/; classtype:trojan-activity;sid:83689788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826687)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.117.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826687/; classtype:trojan-activity;sid:83689787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826681)"; flow:established,from_client; content:"GET"; http_method; content:"/most-x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"domain-botnet.servehttp.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826681/; classtype:trojan-activity;sid:83689781; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826682)"; flow:established,from_client; content:"GET"; http_method; content:"/most-arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"domain-botnet.servehttp.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826682/; classtype:trojan-activity;sid:83689782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826683)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"domain-botnet.servehttp.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826683/; classtype:trojan-activity;sid:83689783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826684)"; flow:established,from_client; content:"GET"; http_method; content:"/most-mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"51.79.217.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826684/; classtype:trojan-activity;sid:83689784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826685)"; flow:established,from_client; content:"GET"; http_method; content:"/most-mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"domain-botnet.servehttp.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826685/; classtype:trojan-activity;sid:83689785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826686)"; flow:established,from_client; content:"GET"; http_method; content:"/most-x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"domain-botnet.servehttp.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826686/; classtype:trojan-activity;sid:83689786; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826679)"; flow:established,from_client; content:"GET"; http_method; content:"/most-arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"51.79.217.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826679/; classtype:trojan-activity;sid:83689779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826680)"; flow:established,from_client; content:"GET"; http_method; content:"/most-arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"domain-botnet.servehttp.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826680/; classtype:trojan-activity;sid:83689780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826672)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"domain-botnet.servehttp.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826672/; classtype:trojan-activity;sid:83689772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826673)"; flow:established,from_client; content:"GET"; http_method; content:"/most-arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"domain-botnet.servehttp.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826673/; classtype:trojan-activity;sid:83689773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826674)"; flow:established,from_client; content:"GET"; http_method; content:"/most-mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"domain-botnet.servehttp.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826674/; classtype:trojan-activity;sid:83689774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826675)"; flow:established,from_client; content:"GET"; http_method; content:"/most-arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"domain-botnet.servehttp.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826675/; classtype:trojan-activity;sid:83689775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826676)"; flow:established,from_client; content:"GET"; http_method; content:"/most-x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"51.79.217.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826676/; classtype:trojan-activity;sid:83689776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826677)"; flow:established,from_client; content:"GET"; http_method; content:"/most-m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"domain-botnet.servehttp.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826677/; classtype:trojan-activity;sid:83689777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826678)"; flow:established,from_client; content:"GET"; http_method; content:"/most-sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"domain-botnet.servehttp.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826678/; classtype:trojan-activity;sid:83689778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826671)"; flow:established,from_client; content:"GET"; http_method; content:"/and"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"domain-botnet.servehttp.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826671/; classtype:trojan-activity;sid:83689771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826670)"; flow:established,from_client; content:"GET"; http_method; content:"/most-spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"domain-botnet.servehttp.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826670/; classtype:trojan-activity;sid:83689770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826666)"; flow:established,from_client; content:"GET"; http_method; content:"/most-arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"51.79.217.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826666/; classtype:trojan-activity;sid:83689766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826667)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"51.79.217.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826667/; classtype:trojan-activity;sid:83689767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826668)"; flow:established,from_client; content:"GET"; http_method; content:"/most-ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"domain-botnet.servehttp.com"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826668/; classtype:trojan-activity;sid:83689768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826669)"; flow:established,from_client; content:"GET"; http_method; content:"/and"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"51.79.217.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826669/; classtype:trojan-activity;sid:83689769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826661)"; flow:established,from_client; content:"GET"; http_method; content:"/most-m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"51.79.217.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826661/; classtype:trojan-activity;sid:83689761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826662)"; flow:established,from_client; content:"GET"; http_method; content:"/most-arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"51.79.217.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826662/; classtype:trojan-activity;sid:83689762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826663)"; flow:established,from_client; content:"GET"; http_method; content:"/most-x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"51.79.217.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826663/; classtype:trojan-activity;sid:83689763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826664)"; flow:established,from_client; content:"GET"; http_method; content:"/most-mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"51.79.217.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826664/; classtype:trojan-activity;sid:83689764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826665)"; flow:established,from_client; content:"GET"; http_method; content:"/most-sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"51.79.217.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826665/; classtype:trojan-activity;sid:83689765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826659)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"51.79.217.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826659/; classtype:trojan-activity;sid:83689759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826660)"; flow:established,from_client; content:"GET"; http_method; content:"/most-arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"51.79.217.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826660/; classtype:trojan-activity;sid:83689760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826657)"; flow:established,from_client; content:"GET"; http_method; content:"/most-ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"51.79.217.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826657/; classtype:trojan-activity;sid:83689757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826658)"; flow:established,from_client; content:"GET"; http_method; content:"/most-spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"51.79.217.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826658/; classtype:trojan-activity;sid:83689758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826656)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.46.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826656/; classtype:trojan-activity;sid:83689756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826655)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.199.179"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826655/; classtype:trojan-activity;sid:83689755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826653)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.251.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826653/; classtype:trojan-activity;sid:83689753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826654)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.165.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826654/; classtype:trojan-activity;sid:83689754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826652)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.235.97"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826652/; classtype:trojan-activity;sid:83689752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826651)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.6.139"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826651/; classtype:trojan-activity;sid:83689751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826650)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.199.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826650/; classtype:trojan-activity;sid:83689750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826649)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.33.43.94"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826649/; classtype:trojan-activity;sid:83689749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826647)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72.132.11.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826647/; classtype:trojan-activity;sid:83689747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826648)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.39.117"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826648/; classtype:trojan-activity;sid:83689748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826645)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.218.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826645/; classtype:trojan-activity;sid:83689745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826646)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.100.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826646/; classtype:trojan-activity;sid:83689746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826644)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.86.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826644/; classtype:trojan-activity;sid:83689744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826643)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.103.103.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826643/; classtype:trojan-activity;sid:83689743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826642)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"116.140.173.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826642/; classtype:trojan-activity;sid:83689742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826639)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.97.132.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826639/; classtype:trojan-activity;sid:83689739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826640)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.97.132.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826640/; classtype:trojan-activity;sid:83689740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826641)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.97.132.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826641/; classtype:trojan-activity;sid:83689741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826634)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.97.132.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826634/; classtype:trojan-activity;sid:83689734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826635)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.97.132.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826635/; classtype:trojan-activity;sid:83689735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826636)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"103.97.132.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826636/; classtype:trojan-activity;sid:83689736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826637)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.97.132.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826637/; classtype:trojan-activity;sid:83689737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826638)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.97.132.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826638/; classtype:trojan-activity;sid:83689738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826631)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"103.97.132.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826631/; classtype:trojan-activity;sid:83689731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826632)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.97.132.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826632/; classtype:trojan-activity;sid:83689732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826633)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.97.132.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826633/; classtype:trojan-activity;sid:83689733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826629)"; flow:established,from_client; content:"GET"; http_method; content:"/and"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"103.97.132.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826629/; classtype:trojan-activity;sid:83689729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826630)"; flow:established,from_client; content:"GET"; http_method; content:"/a"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.97.132.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826630/; classtype:trojan-activity;sid:83689730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826628)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.24.36.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826628/; classtype:trojan-activity;sid:83689728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826627)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.136.170.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826627/; classtype:trojan-activity;sid:83689727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826626)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.230.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826626/; classtype:trojan-activity;sid:83689726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826625)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.199.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826625/; classtype:trojan-activity;sid:83689725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826624)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.251.153"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826624/; classtype:trojan-activity;sid:83689724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826622)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.199.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826622/; classtype:trojan-activity;sid:83689722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826623)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.61.144.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826623/; classtype:trojan-activity;sid:83689723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826621)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.57.119.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826621/; classtype:trojan-activity;sid:83689721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826620)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.211.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826620/; classtype:trojan-activity;sid:83689720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826619)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.15.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826619/; classtype:trojan-activity;sid:83689719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826618)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.117.172"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826618/; classtype:trojan-activity;sid:83689718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826617)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.239.123.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826617/; classtype:trojan-activity;sid:83689717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826616)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.239.123.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826616/; classtype:trojan-activity;sid:83689716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826615)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.92.41.27"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826615/; classtype:trojan-activity;sid:83689715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826614)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.41.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826614/; classtype:trojan-activity;sid:83689714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826613)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.71.200"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826613/; classtype:trojan-activity;sid:83689713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826611)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.190.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826611/; classtype:trojan-activity;sid:83689711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826612)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.97.163.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826612/; classtype:trojan-activity;sid:83689712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826609)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.205.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826609/; classtype:trojan-activity;sid:83689709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826610)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.202.22.240"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826610/; classtype:trojan-activity;sid:83689710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826608)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.195.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826608/; classtype:trojan-activity;sid:83689708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826607)"; flow:established,from_client; content:"GET"; http_method; content:"/vlxx.mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"14.225.219.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826607/; classtype:trojan-activity;sid:83689707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826601)"; flow:established,from_client; content:"GET"; http_method; content:"/vlxx.x86_64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"14.225.219.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826601/; classtype:trojan-activity;sid:83689701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826602)"; flow:established,from_client; content:"GET"; http_method; content:"/vlxx.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"14.225.219.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826602/; classtype:trojan-activity;sid:83689702; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826603)"; flow:established,from_client; content:"GET"; http_method; content:"/vlxx.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"14.225.219.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826603/; classtype:trojan-activity;sid:83689703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826604)"; flow:established,from_client; content:"GET"; http_method; content:"/vlxx.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"14.225.219.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826604/; classtype:trojan-activity;sid:83689704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826605)"; flow:established,from_client; content:"GET"; http_method; content:"/vlxx.ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"14.225.219.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826605/; classtype:trojan-activity;sid:83689705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826606)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.232.212.156"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826606/; classtype:trojan-activity;sid:83689706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826595)"; flow:established,from_client; content:"GET"; http_method; content:"/vlxx.arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"14.225.219.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826595/; classtype:trojan-activity;sid:83689695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826596)"; flow:established,from_client; content:"GET"; http_method; content:"/vlxx.spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"14.225.219.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826596/; classtype:trojan-activity;sid:83689696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826597)"; flow:established,from_client; content:"GET"; http_method; content:"/vlxx.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"14.225.219.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826597/; classtype:trojan-activity;sid:83689697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826598)"; flow:established,from_client; content:"GET"; http_method; content:"/vlxx.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"14.225.219.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826598/; classtype:trojan-activity;sid:83689698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826599)"; flow:established,from_client; content:"GET"; http_method; content:"/vlxx.x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"14.225.219.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826599/; classtype:trojan-activity;sid:83689699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826600)"; flow:established,from_client; content:"GET"; http_method; content:"/vlxx.m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"14.225.219.252"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826600/; classtype:trojan-activity;sid:83689700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826594)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.128.106.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826594/; classtype:trojan-activity;sid:83689694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826593)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.87.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826593/; classtype:trojan-activity;sid:83689693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826592)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.183.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826592/; classtype:trojan-activity;sid:83689692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826591)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.177.184.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826591/; classtype:trojan-activity;sid:83689691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826590)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.174.173.55"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826590/; classtype:trojan-activity;sid:83689690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826589)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.245.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826589/; classtype:trojan-activity;sid:83689689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826588)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.23.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826588/; classtype:trojan-activity;sid:83689688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826587)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.36.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826587/; classtype:trojan-activity;sid:83689687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826586)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.41.27"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826586/; classtype:trojan-activity;sid:83689686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826585)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.209.22.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826585/; classtype:trojan-activity;sid:83689685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826584)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.150.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826584/; classtype:trojan-activity;sid:83689684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826583)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.199.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826583/; classtype:trojan-activity;sid:83689683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826582)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"82.209.166.62"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826582/; classtype:trojan-activity;sid:83689682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826581)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.180.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826581/; classtype:trojan-activity;sid:83689681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826580)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.40.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826580/; classtype:trojan-activity;sid:83689680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826579)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.128.106.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826579/; classtype:trojan-activity;sid:83689679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826578)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.59.78.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826578/; classtype:trojan-activity;sid:83689678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826577)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.199.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826577/; classtype:trojan-activity;sid:83689677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826576)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.143.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826576/; classtype:trojan-activity;sid:83689676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826575)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.180.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826575/; classtype:trojan-activity;sid:83689675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826574)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.136.170.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826574/; classtype:trojan-activity;sid:83689674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826572)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.255.40.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826572/; classtype:trojan-activity;sid:83689672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826573)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.75.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826573/; classtype:trojan-activity;sid:83689673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826571)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.171.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826571/; classtype:trojan-activity;sid:83689671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826570)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.123.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826570/; classtype:trojan-activity;sid:83689670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826569)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.40.141"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826569/; classtype:trojan-activity;sid:83689669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826568)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.188.187"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826568/; classtype:trojan-activity;sid:83689668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826567)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.21.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826567/; classtype:trojan-activity;sid:83689667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826566)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.237.99.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826566/; classtype:trojan-activity;sid:83689666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826565)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.229.181.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826565/; classtype:trojan-activity;sid:83689665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826564)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.121.52.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826564/; classtype:trojan-activity;sid:83689664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826563)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.92.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826563/; classtype:trojan-activity;sid:83689663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826562)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.95.133.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826562/; classtype:trojan-activity;sid:83689662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826561)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.37.110.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826561/; classtype:trojan-activity;sid:83689661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826560)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.85.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826560/; classtype:trojan-activity;sid:83689660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826559)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.205.217.126"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826559/; classtype:trojan-activity;sid:83689659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826558)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"183.149.236.226"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826558/; classtype:trojan-activity;sid:83689658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826557)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.130.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826557/; classtype:trojan-activity;sid:83689657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826556)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.236.253.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826556/; classtype:trojan-activity;sid:83689656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826555)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.116.21.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826555/; classtype:trojan-activity;sid:83689655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826554)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.101.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826554/; classtype:trojan-activity;sid:83689654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826553)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.52.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826553/; classtype:trojan-activity;sid:83689653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826552)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.157.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826552/; classtype:trojan-activity;sid:83689652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826551)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.248.59.216"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826551/; classtype:trojan-activity;sid:83689651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826550)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.239.79.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826550/; classtype:trojan-activity;sid:83689650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826549)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.92.45"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826549/; classtype:trojan-activity;sid:83689649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826548)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.214.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826548/; classtype:trojan-activity;sid:83689648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826547)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.252.49.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826547/; classtype:trojan-activity;sid:83689647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826546)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.33.249.11"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826546/; classtype:trojan-activity;sid:83689646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826545)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.232.209.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826545/; classtype:trojan-activity;sid:83689645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826543)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.17.92"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826543/; classtype:trojan-activity;sid:83689643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826544)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.61.181.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826544/; classtype:trojan-activity;sid:83689644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826542)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.69.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826542/; classtype:trojan-activity;sid:83689642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826541)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.237.99.152"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826541/; classtype:trojan-activity;sid:83689641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826540)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.157.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826540/; classtype:trojan-activity;sid:83689640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826539)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.spc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"209.14.69.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826539/; classtype:trojan-activity;sid:83689639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826538)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.112.25.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826538/; classtype:trojan-activity;sid:83689638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826537)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.79.67.54"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826537/; classtype:trojan-activity;sid:83689637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826529)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm7"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"209.14.69.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826529/; classtype:trojan-activity;sid:83689629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826530)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.spc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"nocrynetworking.duckdns.org"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826530/; classtype:trojan-activity;sid:83689630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826531)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm6"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"nocrynetworking.duckdns.org"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826531/; classtype:trojan-activity;sid:83689631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826532)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"209.14.69.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826532/; classtype:trojan-activity;sid:83689632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826533)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"nocrynetworking.duckdns.org"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826533/; classtype:trojan-activity;sid:83689633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826534)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.x86"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"nocrynetworking.duckdns.org"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826534/; classtype:trojan-activity;sid:83689634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826535)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm7"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"nocrynetworking.duckdns.org"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826535/; classtype:trojan-activity;sid:83689635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826536)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.mips"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"nocrynetworking.duckdns.org"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826536/; classtype:trojan-activity;sid:83689636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826525)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm5"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"nocrynetworking.duckdns.org"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826525/; classtype:trojan-activity;sid:83689625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826526)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.x86"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"209.14.69.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826526/; classtype:trojan-activity;sid:83689626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826527)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.mpsl"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"nocrynetworking.duckdns.org"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826527/; classtype:trojan-activity;sid:83689627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826528)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.ppc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"nocrynetworking.duckdns.org"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826528/; classtype:trojan-activity;sid:83689628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826521)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm6"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"209.14.69.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826521/; classtype:trojan-activity;sid:83689621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826522)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.m68k"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"nocrynetworking.duckdns.org"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826522/; classtype:trojan-activity;sid:83689622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826523)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.sh4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"nocrynetworking.duckdns.org"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826523/; classtype:trojan-activity;sid:83689623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826524)"; flow:established,from_client; content:"GET"; http_method; content:"/8usa.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"nocrynetworking.duckdns.org"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826524/; classtype:trojan-activity;sid:83689624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826516)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.mips"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"209.14.69.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826516/; classtype:trojan-activity;sid:83689616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826517)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.m68k"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"209.14.69.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826517/; classtype:trojan-activity;sid:83689617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826518)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.arm5"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"209.14.69.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826518/; classtype:trojan-activity;sid:83689618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826519)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.mpsl"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"209.14.69.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826519/; classtype:trojan-activity;sid:83689619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826520)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.ppc"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"209.14.69.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826520/; classtype:trojan-activity;sid:83689620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826514)"; flow:established,from_client; content:"GET"; http_method; content:"/8usa.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"209.14.69.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826514/; classtype:trojan-activity;sid:83689614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826515)"; flow:established,from_client; content:"GET"; http_method; content:"/ab4g5/josho.sh4"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"209.14.69.249"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826515/; classtype:trojan-activity;sid:83689615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826513)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.192.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826513/; classtype:trojan-activity;sid:83689613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826512)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.90.148.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826512/; classtype:trojan-activity;sid:83689612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826511)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.74.117"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826511/; classtype:trojan-activity;sid:83689611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826510)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.50.223.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826510/; classtype:trojan-activity;sid:83689610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826509)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.53.38.238"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826509/; classtype:trojan-activity;sid:83689609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826508)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.171.253.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826508/; classtype:trojan-activity;sid:83689608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826507)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.79.145"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826507/; classtype:trojan-activity;sid:83689607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826506)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.216.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826506/; classtype:trojan-activity;sid:83689606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826505)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.252.165.46"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826505/; classtype:trojan-activity;sid:83689605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826498)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.178.154.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826498/; classtype:trojan-activity;sid:83689598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826499)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ninja.m68k"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"143.198.199.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826499/; classtype:trojan-activity;sid:83689599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826500)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.195.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826500/; classtype:trojan-activity;sid:83689600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826501)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ninja.arm6"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"143.198.199.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826501/; classtype:trojan-activity;sid:83689601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826502)"; flow:established,from_client; content:"GET"; http_method; content:"/jj.arm7"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"143.198.199.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826502/; classtype:trojan-activity;sid:83689602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826503)"; flow:established,from_client; content:"GET"; http_method; content:"/jj.arm6"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"143.198.199.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826503/; classtype:trojan-activity;sid:83689603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826504)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ninja.arm7"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"143.198.199.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826504/; classtype:trojan-activity;sid:83689604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826486)"; flow:established,from_client; content:"GET"; http_method; content:"/jj.ppc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"143.198.199.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826486/; classtype:trojan-activity;sid:83689586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826487)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ninja.mpsl"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"143.198.199.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826487/; classtype:trojan-activity;sid:83689587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826488)"; flow:established,from_client; content:"GET"; http_method; content:"/jj.mips"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"143.198.199.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826488/; classtype:trojan-activity;sid:83689588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826489)"; flow:established,from_client; content:"GET"; http_method; content:"/g.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"143.198.199.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826489/; classtype:trojan-activity;sid:83689589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826490)"; flow:established,from_client; content:"GET"; http_method; content:"/jj.x86"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"143.198.199.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826490/; classtype:trojan-activity;sid:83689590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826491)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ninja.arm5"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"143.198.199.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826491/; classtype:trojan-activity;sid:83689591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826492)"; flow:established,from_client; content:"GET"; http_method; content:"/jj.arm5"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"143.198.199.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826492/; classtype:trojan-activity;sid:83689592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826493)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ninja.ppc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"143.198.199.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826493/; classtype:trojan-activity;sid:83689593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826494)"; flow:established,from_client; content:"GET"; http_method; content:"/jj.arm"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"143.198.199.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826494/; classtype:trojan-activity;sid:83689594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826495)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ninja.arm"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"143.198.199.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826495/; classtype:trojan-activity;sid:83689595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826496)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ninja.mips"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"143.198.199.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826496/; classtype:trojan-activity;sid:83689596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826497)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ninja.i686"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"143.198.199.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826497/; classtype:trojan-activity;sid:83689597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826481)"; flow:established,from_client; content:"GET"; http_method; content:"/jj.x86_64"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"143.198.199.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826481/; classtype:trojan-activity;sid:83689581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826482)"; flow:established,from_client; content:"GET"; http_method; content:"/jj.sh4"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"143.198.199.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826482/; classtype:trojan-activity;sid:83689582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826483)"; flow:established,from_client; content:"GET"; http_method; content:"/jj.mpsl"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"143.198.199.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826483/; classtype:trojan-activity;sid:83689583; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826484)"; flow:established,from_client; content:"GET"; http_method; content:"/fyx.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"143.198.199.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826484/; classtype:trojan-activity;sid:83689584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826485)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/ninja.x86"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"143.198.199.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826485/; classtype:trojan-activity;sid:83689585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826478)"; flow:established,from_client; content:"GET"; http_method; content:"/jj.spc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"143.198.199.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826478/; classtype:trojan-activity;sid:83689578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826479)"; flow:established,from_client; content:"GET"; http_method; content:"/jj.m68k"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"143.198.199.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826479/; classtype:trojan-activity;sid:83689579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826480)"; flow:established,from_client; content:"GET"; http_method; content:"/jj.arc"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"143.198.199.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826480/; classtype:trojan-activity;sid:83689580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826477)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.207.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826477/; classtype:trojan-activity;sid:83689577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826476)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.86.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826476/; classtype:trojan-activity;sid:83689576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826474)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.132.186.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826474/; classtype:trojan-activity;sid:83689574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826475)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"164.163.25.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826475/; classtype:trojan-activity;sid:83689575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826473)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.240.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826473/; classtype:trojan-activity;sid:83689573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826472)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.69.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826472/; classtype:trojan-activity;sid:83689572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826471)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.223.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826471/; classtype:trojan-activity;sid:83689571; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826469)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.90.148.107"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826469/; classtype:trojan-activity;sid:83689569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826470)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.26.113.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826470/; classtype:trojan-activity;sid:83689570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826468)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.50.48.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826468/; classtype:trojan-activity;sid:83689568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826467)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.198.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826467/; classtype:trojan-activity;sid:83689567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826466)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.53.38.238"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826466/; classtype:trojan-activity;sid:83689566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826465)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.206.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826465/; classtype:trojan-activity;sid:83689565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826464)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.216.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826464/; classtype:trojan-activity;sid:83689564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826461)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.40.123.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826461/; classtype:trojan-activity;sid:83689561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826462)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"180.105.182.7"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826462/; classtype:trojan-activity;sid:83689562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826463)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.24.36.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826463/; classtype:trojan-activity;sid:83689563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826460)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.57.68.217"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826460/; classtype:trojan-activity;sid:83689560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826459)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.197.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826459/; classtype:trojan-activity;sid:83689559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826458)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.178.154.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826458/; classtype:trojan-activity;sid:83689558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826457)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.203.20.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826457/; classtype:trojan-activity;sid:83689557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826456)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.197.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826456/; classtype:trojan-activity;sid:83689556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826455)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.116.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826455/; classtype:trojan-activity;sid:83689555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826454)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.26.113.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826454/; classtype:trojan-activity;sid:83689554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826453)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.80.180"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826453/; classtype:trojan-activity;sid:83689553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826452)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.254.245.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826452/; classtype:trojan-activity;sid:83689552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826451)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.198.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826451/; classtype:trojan-activity;sid:83689551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826450)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.254.245.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826450/; classtype:trojan-activity;sid:83689550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826447)"; flow:established,from_client; content:"GET"; http_method; content:"/het.jpg"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"154.12.231.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826447/; classtype:trojan-activity;sid:83689547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826448)"; flow:established,from_client; content:"GET"; http_method; content:"/het.jpg"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"154.12.231.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826448/; classtype:trojan-activity;sid:83689548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826449)"; flow:established,from_client; content:"GET"; http_method; content:"/s.txt"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"154.12.231.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826449/; classtype:trojan-activity;sid:83689549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826442)"; flow:established,from_client; content:"GET"; http_method; content:"/s.txt"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"154.12.231.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826442/; classtype:trojan-activity;sid:83689542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826443)"; flow:established,from_client; content:"GET"; http_method; content:"/hetlerr.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"154.12.231.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826443/; classtype:trojan-activity;sid:83689543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826444)"; flow:established,from_client; content:"GET"; http_method; content:"/hetlerr.txt"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"154.12.231.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826444/; classtype:trojan-activity;sid:83689544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826445)"; flow:established,from_client; content:"GET"; http_method; content:"/name.hta"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"154.12.231.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826445/; classtype:trojan-activity;sid:83689545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826446)"; flow:established,from_client; content:"GET"; http_method; content:"/name.hta"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"154.12.231.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826446/; classtype:trojan-activity;sid:83689546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826441)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.175.91.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826441/; classtype:trojan-activity;sid:83689541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826439)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.174.75.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826439/; classtype:trojan-activity;sid:83689539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826440)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.113.38.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826440/; classtype:trojan-activity;sid:83689540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826438)"; flow:established,from_client; content:"GET"; http_method; content:"/test/chroom.msi"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"157.254.223.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826438/; classtype:trojan-activity;sid:83689538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826437)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.76.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826437/; classtype:trojan-activity;sid:83689537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826435)"; flow:established,from_client; content:"GET"; http_method; content:"/docs/docs.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"157.254.223.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826435/; classtype:trojan-activity;sid:83689535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826436)"; flow:established,from_client; content:"GET"; http_method; content:"/lop.jpg"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"157.254.223.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826436/; classtype:trojan-activity;sid:83689536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826433)"; flow:established,from_client; content:"GET"; http_method; content:"/new/docs.txt"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"157.254.223.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826433/; classtype:trojan-activity;sid:83689533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826434)"; flow:established,from_client; content:"GET"; http_method; content:"/job.txt"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"157.254.223.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826434/; classtype:trojan-activity;sid:83689534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826431)"; flow:established,from_client; content:"GET"; http_method; content:"/new.jpg"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"5ra.webredirect.org"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826431/; classtype:trojan-activity;sid:83689531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826432)"; flow:established,from_client; content:"GET"; http_method; content:"/2137057835559046828510194350082365603546794285847027153416703231275563534556797725108888957726321226.txt"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"149.102.147.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826432/; classtype:trojan-activity;sid:83689532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826420)"; flow:established,from_client; content:"GET"; http_method; content:"/7647824289908231517207290670446594803137398043655066048531114401136813447444679107869361499907853696.txt"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"149.102.147.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826420/; classtype:trojan-activity;sid:83689520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826421)"; flow:established,from_client; content:"GET"; http_method; content:"/1889095363610255072177694555853761752011855856102991250183956001570579160750671115199604000378077387.txt"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"149.102.147.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826421/; classtype:trojan-activity;sid:83689521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826422)"; flow:established,from_client; content:"GET"; http_method; content:"/7622356415141926713395800056619299945065033534712221611316312910923323586697862666215358667620734369.txt"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"149.102.147.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826422/; classtype:trojan-activity;sid:83689522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826423)"; flow:established,from_client; content:"GET"; http_method; content:"/0677824852965995651445836789921555746621265195640228224927557426684192970728067645353963371554848463.txt"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"149.102.147.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826423/; classtype:trojan-activity;sid:83689523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826424)"; flow:established,from_client; content:"GET"; http_method; content:"/1.txt"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"149.102.147.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826424/; classtype:trojan-activity;sid:83689524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826425)"; flow:established,from_client; content:"GET"; http_method; content:"/2536572464339624233120338080274331861580016248613894085310336412126521386102604154068745315329150386.txt"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"149.102.147.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826425/; classtype:trojan-activity;sid:83689525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826426)"; flow:established,from_client; content:"GET"; http_method; content:"/6363744648099551360755403828276372270999494045805445694520933638222145906337281691187198972368436989.txt"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"149.102.147.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826426/; classtype:trojan-activity;sid:83689526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826427)"; flow:established,from_client; content:"GET"; http_method; content:"/8784586110397902985941355617867303511293264285571986137137984864580271489863480483432781044803314858.txt"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"149.102.147.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826427/; classtype:trojan-activity;sid:83689527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826428)"; flow:established,from_client; content:"GET"; http_method; content:"/6597266843402901200258582771524313639894816564947000550550729775158669450509040529281647994021543748.txt"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"149.102.147.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826428/; classtype:trojan-activity;sid:83689528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826429)"; flow:established,from_client; content:"GET"; http_method; content:"/8192913746031376662908892739615716782193036299561825246162506013388295040333066043498227897389904968.txt"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"149.102.147.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826429/; classtype:trojan-activity;sid:83689529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826430)"; flow:established,from_client; content:"GET"; http_method; content:"/new.jpg"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"149.102.147.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826430/; classtype:trojan-activity;sid:83689530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826419)"; flow:established,from_client; content:"GET"; http_method; content:"/3163397736143442902929233217218044299299830719731982706619641018638200789029082734523951326614679069.txt"; http_uri; depth:105; isdataat:!1,relative; nocase; content:"149.102.147.106"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826419/; classtype:trojan-activity;sid:83689519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826418)"; flow:established,from_client; content:"GET"; http_method; content:"//g.jpg"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"104.243.32.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826418/; classtype:trojan-activity;sid:83689518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826417)"; flow:established,from_client; content:"GET"; http_method; content:"//qv.jpg"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"104.243.32.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826417/; classtype:trojan-activity;sid:83689517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826416)"; flow:established,from_client; content:"GET"; http_method; content:"//b.jpg"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"104.243.32.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826416/; classtype:trojan-activity;sid:83689516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826415)"; flow:established,from_client; content:"GET"; http_method; content:"//ty.jpg"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"104.243.32.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826415/; classtype:trojan-activity;sid:83689515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826411)"; flow:established,from_client; content:"GET"; http_method; content:"//f%20old.jpg"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"104.243.32.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826411/; classtype:trojan-activity;sid:83689511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826412)"; flow:established,from_client; content:"GET"; http_method; content:"//r.jpg"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"104.243.32.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826412/; classtype:trojan-activity;sid:83689512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826413)"; flow:established,from_client; content:"GET"; http_method; content:"//f%20old2.jpg"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"104.243.32.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826413/; classtype:trojan-activity;sid:83689513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826414)"; flow:established,from_client; content:"GET"; http_method; content:"//z.jpg"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"104.243.32.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826414/; classtype:trojan-activity;sid:83689514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826409)"; flow:established,from_client; content:"GET"; http_method; content:"//xx.txt"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"104.243.32.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826409/; classtype:trojan-activity;sid:83689509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826410)"; flow:established,from_client; content:"GET"; http_method; content:"//f.jpg"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"104.243.32.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826410/; classtype:trojan-activity;sid:83689510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826407)"; flow:established,from_client; content:"GET"; http_method; content:"/5fft.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"109.199.101.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826407/; classtype:trojan-activity;sid:83689507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826408)"; flow:established,from_client; content:"GET"; http_method; content:"/s.jpg"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"109.199.101.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826408/; classtype:trojan-activity;sid:83689508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826406)"; flow:established,from_client; content:"GET"; http_method; content:"/sd.jpg"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"104.243.32.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826406/; classtype:trojan-activity;sid:83689506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826404)"; flow:established,from_client; content:"GET"; http_method; content:"/cscf.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"104.243.32.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826404/; classtype:trojan-activity;sid:83689504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826405)"; flow:established,from_client; content:"GET"; http_method; content:"/333z.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"104.243.32.185"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826405/; classtype:trojan-activity;sid:83689505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826403)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.174.75.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826403/; classtype:trojan-activity;sid:83689503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826402)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.58.117.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826402/; classtype:trojan-activity;sid:83689502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826401)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.208.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826401/; classtype:trojan-activity;sid:83689501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826400)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.207.252"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826400/; classtype:trojan-activity;sid:83689500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826399)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.38.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826399/; classtype:trojan-activity;sid:83689499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826398)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.180.170.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826398/; classtype:trojan-activity;sid:83689498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826397)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.175.91.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826397/; classtype:trojan-activity;sid:83689497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826396)"; flow:established,from_client; content:"GET"; http_method; content:"/th0.txt"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"80.94.95.238"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826396/; classtype:trojan-activity;sid:83689496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826395)"; flow:established,from_client; content:"GET"; http_method; content:"/caf.jpg"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"80.94.95.238"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826395/; classtype:trojan-activity;sid:83689495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826394)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.253.221.56"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826394/; classtype:trojan-activity;sid:83689494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826393)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.17.188"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826393/; classtype:trojan-activity;sid:83689493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826392)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.18.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826392/; classtype:trojan-activity;sid:83689492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826391)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.58.117.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826391/; classtype:trojan-activity;sid:83689491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826390)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.104.119"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826390/; classtype:trojan-activity;sid:83689490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826389)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.18.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826389/; classtype:trojan-activity;sid:83689489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826388)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.131.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826388/; classtype:trojan-activity;sid:83689488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826387)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.199.79"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826387/; classtype:trojan-activity;sid:83689487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826386)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.10.212.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826386/; classtype:trojan-activity;sid:83689486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826385)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.106.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826385/; classtype:trojan-activity;sid:83689485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826384)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.47.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826384/; classtype:trojan-activity;sid:83689484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826383)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.116.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826383/; classtype:trojan-activity;sid:83689483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826382)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.200.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826382/; classtype:trojan-activity;sid:83689482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826373)"; flow:established,from_client; content:"GET"; http_method; content:"/.sarm6"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.169.196.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826373/; classtype:trojan-activity;sid:83689473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826374)"; flow:established,from_client; content:"GET"; http_method; content:"/.sspc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"95.169.196.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826374/; classtype:trojan-activity;sid:83689474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826375)"; flow:established,from_client; content:"GET"; http_method; content:"/.sx86"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"95.169.196.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826375/; classtype:trojan-activity;sid:83689475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826376)"; flow:established,from_client; content:"GET"; http_method; content:"/.sx86_64"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"95.169.196.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826376/; classtype:trojan-activity;sid:83689476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826377)"; flow:established,from_client; content:"GET"; http_method; content:"/.sarm"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"95.169.196.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826377/; classtype:trojan-activity;sid:83689477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826378)"; flow:established,from_client; content:"GET"; http_method; content:"/.sarm5"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.169.196.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826378/; classtype:trojan-activity;sid:83689478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826379)"; flow:established,from_client; content:"GET"; http_method; content:"/.sarm7"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.169.196.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826379/; classtype:trojan-activity;sid:83689479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826380)"; flow:established,from_client; content:"GET"; http_method; content:"/.sm68k"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.169.196.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826380/; classtype:trojan-activity;sid:83689480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826381)"; flow:established,from_client; content:"GET"; http_method; content:"/.smips"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.169.196.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826381/; classtype:trojan-activity;sid:83689481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826372)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.56.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826372/; classtype:trojan-activity;sid:83689472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826369)"; flow:established,from_client; content:"GET"; http_method; content:"/b"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.169.196.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826369/; classtype:trojan-activity;sid:83689469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826370)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"95.169.196.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826370/; classtype:trojan-activity;sid:83689470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826371)"; flow:established,from_client; content:"GET"; http_method; content:"/wget.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"95.169.196.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826371/; classtype:trojan-activity;sid:83689471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826367)"; flow:established,from_client; content:"GET"; http_method; content:"/bx"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.169.196.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826367/; classtype:trojan-activity;sid:83689467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826368)"; flow:established,from_client; content:"GET"; http_method; content:"/g"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.169.196.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826368/; classtype:trojan-activity;sid:83689468; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826366)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"220.201.90.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826366/; classtype:trojan-activity;sid:83689466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826365)"; flow:established,from_client; content:"GET"; http_method; content:"/editcontent"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"hfpuc.anesthetics.biomedzglobal.com"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826365/; classtype:trojan-activity;sid:83689465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826364)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.106.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826364/; classtype:trojan-activity;sid:83689464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826363)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.215.211.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826363/; classtype:trojan-activity;sid:83689463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826362)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.34.199"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826362/; classtype:trojan-activity;sid:83689462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826361)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.171.253.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826361/; classtype:trojan-activity;sid:83689461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826360)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.70.244"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826360/; classtype:trojan-activity;sid:83689460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826359)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.137.197.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826359/; classtype:trojan-activity;sid:83689459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826357)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.228.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826357/; classtype:trojan-activity;sid:83689457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826358)"; flow:established,from_client; content:"GET"; http_method; content:"/redtail.arm8"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"94.156.79.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826358/; classtype:trojan-activity;sid:83689458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826356)"; flow:established,from_client; content:"GET"; http_method; content:"/redtail.x86.64"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"94.156.79.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826356/; classtype:trojan-activity;sid:83689456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826355)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.70.244"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826355/; classtype:trojan-activity;sid:83689455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826354)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.206.180.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826354/; classtype:trojan-activity;sid:83689454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826353)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.147.18.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826353/; classtype:trojan-activity;sid:83689453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826352)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.11.243.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826352/; classtype:trojan-activity;sid:83689452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826351)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.116.49.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826351/; classtype:trojan-activity;sid:83689451; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826350)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.201.90.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826350/; classtype:trojan-activity;sid:83689450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826349)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.68.39"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826349/; classtype:trojan-activity;sid:83689449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826348)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.119.228.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826348/; classtype:trojan-activity;sid:83689448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826347)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.80.72"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826347/; classtype:trojan-activity;sid:83689447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826346)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.43.26.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826346/; classtype:trojan-activity;sid:83689446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826345)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.214.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826345/; classtype:trojan-activity;sid:83689445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826344)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.208.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826344/; classtype:trojan-activity;sid:83689444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826343)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.213.94.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826343/; classtype:trojan-activity;sid:83689443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826341)"; flow:established,from_client; content:"GET"; http_method; content:"/redtail.arm7"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"94.156.79.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826341/; classtype:trojan-activity;sid:83689441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826342)"; flow:established,from_client; content:"GET"; http_method; content:"/redtail.i686"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"94.156.79.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826342/; classtype:trojan-activity;sid:83689442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826340)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.63.179.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826340/; classtype:trojan-activity;sid:83689440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826339)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.12.164.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826339/; classtype:trojan-activity;sid:83689439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826338)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.197.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826338/; classtype:trojan-activity;sid:83689438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826337)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.157.48.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826337/; classtype:trojan-activity;sid:83689437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826336)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.135.166.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826336/; classtype:trojan-activity;sid:83689436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826335)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.57.211.193"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826335/; classtype:trojan-activity;sid:83689435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826334)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.17.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826334/; classtype:trojan-activity;sid:83689434; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826333)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.94.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826333/; classtype:trojan-activity;sid:83689433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826332)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.61.93.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826332/; classtype:trojan-activity;sid:83689432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826331)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.72.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826331/; classtype:trojan-activity;sid:83689431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826330)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.204.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826330/; classtype:trojan-activity;sid:83689430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826329)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.200.181.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826329/; classtype:trojan-activity;sid:83689429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826328)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.246.126.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826328/; classtype:trojan-activity;sid:83689428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826327)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.157.48.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826327/; classtype:trojan-activity;sid:83689427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826326)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/lqjfq7l6"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pastebin.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826326/; classtype:trojan-activity;sid:83689426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826325)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.63.179.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826325/; classtype:trojan-activity;sid:83689425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826324)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.155.16.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826324/; classtype:trojan-activity;sid:83689424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826323)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.217.91.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826323/; classtype:trojan-activity;sid:83689423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826322)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.26.113.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826322/; classtype:trojan-activity;sid:83689422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826321)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.4.73.39"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826321/; classtype:trojan-activity;sid:83689421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826320)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.14.250.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826320/; classtype:trojan-activity;sid:83689420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826319)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.123.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826319/; classtype:trojan-activity;sid:83689419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826318)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"87.255.200.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826318/; classtype:trojan-activity;sid:83689418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826317)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.129.154.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826317/; classtype:trojan-activity;sid:83689417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826316)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"219.155.16.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826316/; classtype:trojan-activity;sid:83689416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826315)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.46.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826315/; classtype:trojan-activity;sid:83689415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826313)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.189.9.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826313/; classtype:trojan-activity;sid:83689413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826314)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.73.39"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826314/; classtype:trojan-activity;sid:83689414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826312)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.24.36.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826312/; classtype:trojan-activity;sid:83689412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826311)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.108.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826311/; classtype:trojan-activity;sid:83689411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826310)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.242.106.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826310/; classtype:trojan-activity;sid:83689410; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826309)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.1.231"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826309/; classtype:trojan-activity;sid:83689409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826308)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.154.177"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826308/; classtype:trojan-activity;sid:83689408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826307)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.89.65.136"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826307/; classtype:trojan-activity;sid:83689407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826306)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"87.255.200.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826306/; classtype:trojan-activity;sid:83689406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826305)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.139.209"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826305/; classtype:trojan-activity;sid:83689405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826304)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.220.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826304/; classtype:trojan-activity;sid:83689404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826303)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.197.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826303/; classtype:trojan-activity;sid:83689403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826302)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.20.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826302/; classtype:trojan-activity;sid:83689402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826301)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.108.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826301/; classtype:trojan-activity;sid:83689401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826300)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.100.144"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826300/; classtype:trojan-activity;sid:83689400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826299)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.183.165"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826299/; classtype:trojan-activity;sid:83689399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826297)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.47.238"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826297/; classtype:trojan-activity;sid:83689397; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826298)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.226.205.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826298/; classtype:trojan-activity;sid:83689398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826296)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.183.11.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826296/; classtype:trojan-activity;sid:83689396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826294)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"203.212.229.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826294/; classtype:trojan-activity;sid:83689394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826295)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.1.231"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826295/; classtype:trojan-activity;sid:83689395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826293)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.199.79.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826293/; classtype:trojan-activity;sid:83689393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826292)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.151.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826292/; classtype:trojan-activity;sid:83689392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826291)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.255.74.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826291/; classtype:trojan-activity;sid:83689391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826290)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.65.136"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826290/; classtype:trojan-activity;sid:83689390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826289)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.236.148.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826289/; classtype:trojan-activity;sid:83689389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826288)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.220.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826288/; classtype:trojan-activity;sid:83689388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826287)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.3.12.145"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826287/; classtype:trojan-activity;sid:83689387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826286)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.39.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826286/; classtype:trojan-activity;sid:83689386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826285)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.20.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826285/; classtype:trojan-activity;sid:83689385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826284)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.174.238.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826284/; classtype:trojan-activity;sid:83689384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826282)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"102.22.243.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826282/; classtype:trojan-activity;sid:83689382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826283)"; flow:established,from_client; content:"GET"; http_method; content:"/tiktok.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.172.128.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826283/; classtype:trojan-activity;sid:83689383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826280)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.225.71.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826280/; classtype:trojan-activity;sid:83689380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826281)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.15.53.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826281/; classtype:trojan-activity;sid:83689381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826279)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.39.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826279/; classtype:trojan-activity;sid:83689379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826278)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.71.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826278/; classtype:trojan-activity;sid:83689378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826277)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.254.183.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826277/; classtype:trojan-activity;sid:83689377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826276)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.255.74.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826276/; classtype:trojan-activity;sid:83689376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826275)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.203.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826275/; classtype:trojan-activity;sid:83689375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826274)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.126.122.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826274/; classtype:trojan-activity;sid:83689374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826273)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.22.243.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826273/; classtype:trojan-activity;sid:83689373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826272)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.174.238.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826272/; classtype:trojan-activity;sid:83689372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826271)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.195.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826271/; classtype:trojan-activity;sid:83689371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826270)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.222.252.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826270/; classtype:trojan-activity;sid:83689370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826269)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.225.71.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826269/; classtype:trojan-activity;sid:83689369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826268)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.83.12"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826268/; classtype:trojan-activity;sid:83689368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826267)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.203.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826267/; classtype:trojan-activity;sid:83689367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826266)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.71.100"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826266/; classtype:trojan-activity;sid:83689366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826265)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.192.124.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826265/; classtype:trojan-activity;sid:83689365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826264)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.149.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826264/; classtype:trojan-activity;sid:83689364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826263)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.195.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826263/; classtype:trojan-activity;sid:83689363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826262)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.199.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826262/; classtype:trojan-activity;sid:83689362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826261)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.33.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826261/; classtype:trojan-activity;sid:83689361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826260)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.177.105.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826260/; classtype:trojan-activity;sid:83689360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826259)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.121.147.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826259/; classtype:trojan-activity;sid:83689359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826258)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.198.200.51"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826258/; classtype:trojan-activity;sid:83689358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826256)"; flow:established,from_client; content:"GET"; http_method; content:"/editcontent"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"gehhc.anesthetics.biomedzglobal.com"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826256/; classtype:trojan-activity;sid:83689356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826257)"; flow:established,from_client; content:"GET"; http_method; content:"/editcontent"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"teypf.anesthetics.biomedzglobal.com"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826257/; classtype:trojan-activity;sid:83689357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826255)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.193.120"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826255/; classtype:trojan-activity;sid:83689355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826254)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.88.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826254/; classtype:trojan-activity;sid:83689354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826253)"; flow:established,from_client; content:"GET"; http_method; content:"/version_2.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"103.113.70.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826253/; classtype:trojan-activity;sid:83689353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826252)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.9.77.172"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826252/; classtype:trojan-activity;sid:83689352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826251)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"220.201.90.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826251/; classtype:trojan-activity;sid:83689351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826250)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.220.145.221"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826250/; classtype:trojan-activity;sid:83689350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826249)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.177.105.74"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826249/; classtype:trojan-activity;sid:83689349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826248)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.114.33.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826248/; classtype:trojan-activity;sid:83689348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826247)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.99.107.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826247/; classtype:trojan-activity;sid:83689347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826246)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.193.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826246/; classtype:trojan-activity;sid:83689346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826245)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.194.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826245/; classtype:trojan-activity;sid:83689345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826244)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.192.124.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826244/; classtype:trojan-activity;sid:83689344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826243)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.139.199.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826243/; classtype:trojan-activity;sid:83689343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826242)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.211.211.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826242/; classtype:trojan-activity;sid:83689342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826241)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.18.61.159"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826241/; classtype:trojan-activity;sid:83689341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826240)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.196.151"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826240/; classtype:trojan-activity;sid:83689340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826239)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.142.247.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826239/; classtype:trojan-activity;sid:83689339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826238)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.88.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826238/; classtype:trojan-activity;sid:83689338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826237)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.127.96.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826237/; classtype:trojan-activity;sid:83689337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826236)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.126.122.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826236/; classtype:trojan-activity;sid:83689336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826235)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.36.20.43"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826235/; classtype:trojan-activity;sid:83689335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826234)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.54.169.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826234/; classtype:trojan-activity;sid:83689334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826233)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.52.135.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826233/; classtype:trojan-activity;sid:83689333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826232)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.42.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826232/; classtype:trojan-activity;sid:83689332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826231)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.137.155.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826231/; classtype:trojan-activity;sid:83689331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826230)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"120.211.101.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826230/; classtype:trojan-activity;sid:83689330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826229)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.48.146.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826229/; classtype:trojan-activity;sid:83689329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826228)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.114.33.73"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826228/; classtype:trojan-activity;sid:83689328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826227)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.49.167.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826227/; classtype:trojan-activity;sid:83689327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826226)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.210.156.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826226/; classtype:trojan-activity;sid:83689326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826225)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.194.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826225/; classtype:trojan-activity;sid:83689325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826223)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.96.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826223/; classtype:trojan-activity;sid:83689323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826224)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.11.1.184"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826224/; classtype:trojan-activity;sid:83689324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826222)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.88.188.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826222/; classtype:trojan-activity;sid:83689322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826221)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.181.85"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826221/; classtype:trojan-activity;sid:83689321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826220)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.52.135.39"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826220/; classtype:trojan-activity;sid:83689320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826219)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.211.211.241"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826219/; classtype:trojan-activity;sid:83689319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826218)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.48.146.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826218/; classtype:trojan-activity;sid:83689318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826217)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.89.2.178"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826217/; classtype:trojan-activity;sid:83689317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826216)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"37.112.166.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826216/; classtype:trojan-activity;sid:83689316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826215)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.0.160.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826215/; classtype:trojan-activity;sid:83689315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826214)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"176.185.196.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826214/; classtype:trojan-activity;sid:83689314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826213)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.206.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826213/; classtype:trojan-activity;sid:83689313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826211)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.224.21.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826211/; classtype:trojan-activity;sid:83689311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826212)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.182.182.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826212/; classtype:trojan-activity;sid:83689312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826210)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.54.169.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826210/; classtype:trojan-activity;sid:83689310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826209)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.4.190.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826209/; classtype:trojan-activity;sid:83689309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826208)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.42.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826208/; classtype:trojan-activity;sid:83689308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826207)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.195.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826207/; classtype:trojan-activity;sid:83689307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826206)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.51.179.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826206/; classtype:trojan-activity;sid:83689306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826205)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.183.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826205/; classtype:trojan-activity;sid:83689305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826204)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.231.68.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826204/; classtype:trojan-activity;sid:83689304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826203)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.121.169.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826203/; classtype:trojan-activity;sid:83689303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826201)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.47.206.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826201/; classtype:trojan-activity;sid:83689301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826202)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.47.91.170"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826202/; classtype:trojan-activity;sid:83689302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826200)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.93.180.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826200/; classtype:trojan-activity;sid:83689300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826199)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.15.196.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826199/; classtype:trojan-activity;sid:83689299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826198)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.88.188.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826198/; classtype:trojan-activity;sid:83689298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826196)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.238.14.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826196/; classtype:trojan-activity;sid:83689296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826197)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.148.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826197/; classtype:trojan-activity;sid:83689297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826195)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.224.21.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826195/; classtype:trojan-activity;sid:83689295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826193)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.15.196.30"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826193/; classtype:trojan-activity;sid:83689293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826194)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.141.103.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826194/; classtype:trojan-activity;sid:83689294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826192)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"164.163.25.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826192/; classtype:trojan-activity;sid:83689292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826191)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.41.142.155"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826191/; classtype:trojan-activity;sid:83689291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826190)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.87.61.210"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826190/; classtype:trojan-activity;sid:83689290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826189)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.83.12"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826189/; classtype:trojan-activity;sid:83689289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826188)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.194.163.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826188/; classtype:trojan-activity;sid:83689288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826187)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.109.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826187/; classtype:trojan-activity;sid:83689287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826186)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.183.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826186/; classtype:trojan-activity;sid:83689286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826185)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"125.47.206.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826185/; classtype:trojan-activity;sid:83689285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826184)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.51.179.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826184/; classtype:trojan-activity;sid:83689284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826183)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.231.68.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826183/; classtype:trojan-activity;sid:83689283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826182)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.163.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826182/; classtype:trojan-activity;sid:83689282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826181)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.209.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826181/; classtype:trojan-activity;sid:83689281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826180)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.119.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826180/; classtype:trojan-activity;sid:83689280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826178)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.201.15.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826178/; classtype:trojan-activity;sid:83689278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826179)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.41.27"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826179/; classtype:trojan-activity;sid:83689279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826177)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.180.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826177/; classtype:trojan-activity;sid:83689277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826176)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.148.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826176/; classtype:trojan-activity;sid:83689276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826175)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.152.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826175/; classtype:trojan-activity;sid:83689275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826174)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.141.103.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826174/; classtype:trojan-activity;sid:83689274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826173)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.14.52.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826173/; classtype:trojan-activity;sid:83689273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826172)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"76.81.220.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826172/; classtype:trojan-activity;sid:83689272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826171)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.195.157"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826171/; classtype:trojan-activity;sid:83689271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826170)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.212.124.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826170/; classtype:trojan-activity;sid:83689270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826169)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.14.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826169/; classtype:trojan-activity;sid:83689269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826168)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.80.198.201"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826168/; classtype:trojan-activity;sid:83689268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826167)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.109.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826167/; classtype:trojan-activity;sid:83689267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826166)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.255.80.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826166/; classtype:trojan-activity;sid:83689266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826164)"; flow:established,from_client; content:"GET"; http_method; content:"/editcontent"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"ppoil.anesthetics.biomedzglobal.com"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826164/; classtype:trojan-activity;sid:83689264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826165)"; flow:established,from_client; content:"GET"; http_method; content:"/editcontent"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"lbndf.anesthetics.biomedzglobal.com"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826165/; classtype:trojan-activity;sid:83689265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826163)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.234.149.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826163/; classtype:trojan-activity;sid:83689263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826162)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.95.13.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826162/; classtype:trojan-activity;sid:83689262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826161)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.201.64"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826161/; classtype:trojan-activity;sid:83689261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826160)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.61.113.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826160/; classtype:trojan-activity;sid:83689260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826159)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.85.144"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826159/; classtype:trojan-activity;sid:83689259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826158)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.51.97.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826158/; classtype:trojan-activity;sid:83689258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826157)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.206.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826157/; classtype:trojan-activity;sid:83689257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826156)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.58.152.205"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826156/; classtype:trojan-activity;sid:83689256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826155)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"110.180.170.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826155/; classtype:trojan-activity;sid:83689255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826154)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.238.217.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826154/; classtype:trojan-activity;sid:83689254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826153)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.230.177.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826153/; classtype:trojan-activity;sid:83689253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826152)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.255.80.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826152/; classtype:trojan-activity;sid:83689252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826151)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.202.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826151/; classtype:trojan-activity;sid:83689251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826150)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"61.53.75.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826150/; classtype:trojan-activity;sid:83689250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826149)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.242.106.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826149/; classtype:trojan-activity;sid:83689249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826148)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.242.58.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826148/; classtype:trojan-activity;sid:83689248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826147)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.206.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826147/; classtype:trojan-activity;sid:83689247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826146)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.97.159"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826146/; classtype:trojan-activity;sid:83689246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826145)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.207.247.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826145/; classtype:trojan-activity;sid:83689245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826144)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.213.85.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826144/; classtype:trojan-activity;sid:83689244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826143)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"1.70.124.39"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826143/; classtype:trojan-activity;sid:83689243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826142)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.39.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826142/; classtype:trojan-activity;sid:83689242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826141)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.70.95.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826141/; classtype:trojan-activity;sid:83689241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826140)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.243.249.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826140/; classtype:trojan-activity;sid:83689240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826139)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.49.6.207"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826139/; classtype:trojan-activity;sid:83689239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826138)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.230.177.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826138/; classtype:trojan-activity;sid:83689238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826137)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.238.131.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826137/; classtype:trojan-activity;sid:83689237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826136)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.113.26.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826136/; classtype:trojan-activity;sid:83689236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826134)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"207.188.94.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826134/; classtype:trojan-activity;sid:83689234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826135)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.246.110.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826135/; classtype:trojan-activity;sid:83689235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826133)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.200.183.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826133/; classtype:trojan-activity;sid:83689233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826132)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"106.110.146.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826132/; classtype:trojan-activity;sid:83689232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826131)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.231.248.158"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826131/; classtype:trojan-activity;sid:83689231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826130)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.127.104.105"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826130/; classtype:trojan-activity;sid:83689230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826129)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.178.116.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826129/; classtype:trojan-activity;sid:83689229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826128)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.174.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826128/; classtype:trojan-activity;sid:83689228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826127)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.202.28"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826127/; classtype:trojan-activity;sid:83689227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826126)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.252.169.233"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826126/; classtype:trojan-activity;sid:83689226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826125)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.75.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826125/; classtype:trojan-activity;sid:83689225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826124)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.196.45.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826124/; classtype:trojan-activity;sid:83689224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826123)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.63.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826123/; classtype:trojan-activity;sid:83689223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826122)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.235.89.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826122/; classtype:trojan-activity;sid:83689222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826121)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.242.58.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826121/; classtype:trojan-activity;sid:83689221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826120)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.207.247.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826120/; classtype:trojan-activity;sid:83689220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826119)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.55.231.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826119/; classtype:trojan-activity;sid:83689219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826118)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"66.54.98.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826118/; classtype:trojan-activity;sid:83689218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826117)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"196.70.95.215"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826117/; classtype:trojan-activity;sid:83689217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826116)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"14.223.84.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826116/; classtype:trojan-activity;sid:83689216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826115)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"61.53.85.144"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826115/; classtype:trojan-activity;sid:83689215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826114)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.204.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826114/; classtype:trojan-activity;sid:83689214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826113)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.194.162.36"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826113/; classtype:trojan-activity;sid:83689213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826112)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.217.37.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826112/; classtype:trojan-activity;sid:83689212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826111)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.60.248.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826111/; classtype:trojan-activity;sid:83689211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826110)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.204.196.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826110/; classtype:trojan-activity;sid:83689210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826109)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"182.183.148.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826109/; classtype:trojan-activity;sid:83689209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826108)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"58.47.26.174"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826108/; classtype:trojan-activity;sid:83689208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826107)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.206.181.76"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826107/; classtype:trojan-activity;sid:83689207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826106)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.235.63.172"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826106/; classtype:trojan-activity;sid:83689206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826105)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.235.89.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826105/; classtype:trojan-activity;sid:83689205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826104)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.55.231.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826104/; classtype:trojan-activity;sid:83689204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826103)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.235.119.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826103/; classtype:trojan-activity;sid:83689203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826102)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.92.33.211"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826102/; classtype:trojan-activity;sid:83689202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826101)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.12.164.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826101/; classtype:trojan-activity;sid:83689201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826100)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.9.246.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826100/; classtype:trojan-activity;sid:83689200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826099)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.51.90.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826099/; classtype:trojan-activity;sid:83689199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826098)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.229.181.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826098/; classtype:trojan-activity;sid:83689198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826097)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.217.37.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826097/; classtype:trojan-activity;sid:83689197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826096)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.60.248.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826096/; classtype:trojan-activity;sid:83689196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826095)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.58.156.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826095/; classtype:trojan-activity;sid:83689195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826094)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.123.211.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826094/; classtype:trojan-activity;sid:83689194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826093)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"117.204.196.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826093/; classtype:trojan-activity;sid:83689193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826092)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.119.141.211"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826092/; classtype:trojan-activity;sid:83689192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826091)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72.105.252.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826091/; classtype:trojan-activity;sid:83689191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826090)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.139.226.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826090/; classtype:trojan-activity;sid:83689190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826089)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.13.27.184"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826089/; classtype:trojan-activity;sid:83689189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826088)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"59.93.180.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826088/; classtype:trojan-activity;sid:83689188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826087)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"115.61.113.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_25; reference:url, urlhaus.abuse.ch/url/2826087/; classtype:trojan-activity;sid:83689187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826047)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.215.82.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826047/; classtype:trojan-activity;sid:83689147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826036)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.82.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826036/; classtype:trojan-activity;sid:83689136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826026)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"153.34.81.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826026/; classtype:trojan-activity;sid:83689126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2826011)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.149.142.208"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2826011/; classtype:trojan-activity;sid:83689111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825993)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.131.146.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825993/; classtype:trojan-activity;sid:83689093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825983)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.149.139.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825983/; classtype:trojan-activity;sid:83689083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825976)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1/build3.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"cajgtus.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825976/; classtype:trojan-activity;sid:83689076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825942)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.180.200"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825942/; classtype:trojan-activity;sid:83689042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825876)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.138.96.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825876/; classtype:trojan-activity;sid:83688976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825862)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"222.138.96.4"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825862/; classtype:trojan-activity;sid:83688962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825845)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.22.238.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825845/; classtype:trojan-activity;sid:83688945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825828)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.164.118.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825828/; classtype:trojan-activity;sid:83688928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825730)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.31.180.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825730/; classtype:trojan-activity;sid:83688830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825702)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.31.180.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825702/; classtype:trojan-activity;sid:83688802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825697)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"212.70.149.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825697/; classtype:trojan-activity;sid:83688797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825638)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.251.12.55"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825638/; classtype:trojan-activity;sid:83688738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825268)"; flow:established,from_client; content:"GET"; http_method; content:"/main/qauasariscrypted.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"gjhfhgdg.insane.wang"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825268/; classtype:trojan-activity;sid:83688368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825267)"; flow:established,from_client; content:"GET"; http_method; content:"/client/fzonsvup.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"gjhfhgdg.insane.wang"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825267/; classtype:trojan-activity;sid:83688367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825201)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"212.70.149.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825201/; classtype:trojan-activity;sid:83688301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825200)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_32"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.70.149.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825200/; classtype:trojan-activity;sid:83688300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825196)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"212.70.149.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825196/; classtype:trojan-activity;sid:83688296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825191)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"212.70.149.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825191/; classtype:trojan-activity;sid:83688291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825192)"; flow:established,from_client; content:"GET"; http_method; content:"/spc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"212.70.149.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825192/; classtype:trojan-activity;sid:83688292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825189)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"212.70.149.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825189/; classtype:trojan-activity;sid:83688289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825186)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"212.70.149.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825186/; classtype:trojan-activity;sid:83688286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825178)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"212.70.149.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825178/; classtype:trojan-activity;sid:83688278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825177)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"212.70.149.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825177/; classtype:trojan-activity;sid:83688277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825171)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.196.11.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825171/; classtype:trojan-activity;sid:83688271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825165)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"212.70.149.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825165/; classtype:trojan-activity;sid:83688265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825157)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.196.11.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825157/; classtype:trojan-activity;sid:83688257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825158)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"212.70.149.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825158/; classtype:trojan-activity;sid:83688258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825155)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.196.11.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825155/; classtype:trojan-activity;sid:83688255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825147)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.196.11.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825147/; classtype:trojan-activity;sid:83688247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825139)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"212.70.149.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825139/; classtype:trojan-activity;sid:83688239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825140)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"212.70.149.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825140/; classtype:trojan-activity;sid:83688240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825141)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"212.70.149.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825141/; classtype:trojan-activity;sid:83688241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825134)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"212.70.149.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825134/; classtype:trojan-activity;sid:83688234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825129)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"212.70.149.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825129/; classtype:trojan-activity;sid:83688229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825123)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"212.70.149.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825123/; classtype:trojan-activity;sid:83688223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825128)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"212.70.149.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825128/; classtype:trojan-activity;sid:83688228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825121)"; flow:established,from_client; content:"GET"; http_method; content:"/dlr.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"212.70.149.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825121/; classtype:trojan-activity;sid:83688221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825119)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.196.11.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825119/; classtype:trojan-activity;sid:83688219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825112)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.196.11.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825112/; classtype:trojan-activity;sid:83688212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825113)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.196.11.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825113/; classtype:trojan-activity;sid:83688213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825114)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.196.11.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825114/; classtype:trojan-activity;sid:83688214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825117)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.196.11.177"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825117/; classtype:trojan-activity;sid:83688217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825109)"; flow:established,from_client; content:"GET"; http_method; content:"/var"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.88.90.168"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825109/; classtype:trojan-activity;sid:83688209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825076)"; flow:established,from_client; content:"GET"; http_method; content:"/pc"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.88.90.168"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825076/; classtype:trojan-activity;sid:83688176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825077)"; flow:established,from_client; content:"GET"; http_method; content:"/nano"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.88.90.168"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825077/; classtype:trojan-activity;sid:83688177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825078)"; flow:established,from_client; content:"GET"; http_method; content:"/bash"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.88.90.168"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825078/; classtype:trojan-activity;sid:83688178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825079)"; flow:established,from_client; content:"GET"; http_method; content:"/cat"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.88.90.168"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825079/; classtype:trojan-activity;sid:83688179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825080)"; flow:established,from_client; content:"GET"; http_method; content:"/telnet"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.88.90.168"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825080/; classtype:trojan-activity;sid:83688180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825069)"; flow:established,from_client; content:"GET"; http_method; content:"/ps"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.88.90.168"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825069/; classtype:trojan-activity;sid:83688169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825071)"; flow:established,from_client; content:"GET"; http_method; content:"/tftpd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.88.90.168"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825071/; classtype:trojan-activity;sid:83688171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825072)"; flow:established,from_client; content:"GET"; http_method; content:"/bashd"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.88.90.168"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825072/; classtype:trojan-activity;sid:83688172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825073)"; flow:established,from_client; content:"GET"; http_method; content:"/curl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.88.90.168"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825073/; classtype:trojan-activity;sid:83688173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825074)"; flow:established,from_client; content:"GET"; http_method; content:"/ssh"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"45.88.90.168"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825074/; classtype:trojan-activity;sid:83688174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825075)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"45.88.90.168"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825075/; classtype:trojan-activity;sid:83688175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825068)"; flow:established,from_client; content:"GET"; http_method; content:"/telnetd"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"45.88.90.168"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825068/; classtype:trojan-activity;sid:83688168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825045)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"putin.zelenskyj.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825045/; classtype:trojan-activity;sid:83688145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825042)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"putin.zelenskyj.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825042/; classtype:trojan-activity;sid:83688142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825043)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"putin.zelenskyj.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825043/; classtype:trojan-activity;sid:83688143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825044)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"putin.zelenskyj.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825044/; classtype:trojan-activity;sid:83688144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825036)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"putin.zelenskyj.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825036/; classtype:trojan-activity;sid:83688136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825037)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"putin.zelenskyj.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825037/; classtype:trojan-activity;sid:83688137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825038)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"putin.zelenskyj.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825038/; classtype:trojan-activity;sid:83688138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825039)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"putin.zelenskyj.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825039/; classtype:trojan-activity;sid:83688139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825040)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"putin.zelenskyj.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825040/; classtype:trojan-activity;sid:83688140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825041)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"putin.zelenskyj.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825041/; classtype:trojan-activity;sid:83688141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825035)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"putin.zelenskyj.ru"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825035/; classtype:trojan-activity;sid:83688135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825002)"; flow:established,from_client; content:"GET"; http_method; content:"/docs/45.64.rar"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"121.167.2.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825002/; classtype:trojan-activity;sid:83688102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824999)"; flow:established,from_client; content:"GET"; http_method; content:"/docs/45.64.json"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"121.167.2.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824999/; classtype:trojan-activity;sid:83688099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2825000)"; flow:established,from_client; content:"GET"; http_method; content:"/docs/45.6472.txt"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"121.167.2.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2825000/; classtype:trojan-activity;sid:83688100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824987)"; flow:established,from_client; content:"GET"; http_method; content:"/ab/hon.txt"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mhsonsco.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824987/; classtype:trojan-activity;sid:83688087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824981)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.215.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824981/; classtype:trojan-activity;sid:83688081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824977)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1lti4plfomwgccukejpybprip-lcokwed"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824977/; classtype:trojan-activity;sid:83688077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824975)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1-kqmxodyjhhw6fn77qkvco3tox2hzzli"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824975/; classtype:trojan-activity;sid:83688075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824866)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"138.207.174.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824866/; classtype:trojan-activity;sid:83687966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824834)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.239.102.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824834/; classtype:trojan-activity;sid:83687934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824820)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.239.102.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824820/; classtype:trojan-activity;sid:83687920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824735)"; flow:established,from_client; content:"GET"; http_method; content:"/assets/aw/yt.hta"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"www.sessosesso.it"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824735/; classtype:trojan-activity;sid:83687835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824730)"; flow:established,from_client; content:"GET"; http_method; content:"/images/004/773/797/original/new_image.jpg"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824730/; classtype:trojan-activity;sid:83687830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824707)"; flow:established,from_client; content:"GET"; http_method; content:"/boldklubbens.pcz"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"87.121.105.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824707/; classtype:trojan-activity;sid:83687807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824706)"; flow:established,from_client; content:"GET"; http_method; content:"/fbizb192.bin"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"87.121.105.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824706/; classtype:trojan-activity;sid:83687806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824697)"; flow:established,from_client; content:"GET"; http_method; content:"/zgoeacm3.bin"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"87.121.105.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824697/; classtype:trojan-activity;sid:83687797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824698)"; flow:established,from_client; content:"GET"; http_method; content:"/renovationsselskabers221.mix"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.121.105.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824698/; classtype:trojan-activity;sid:83687798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824699)"; flow:established,from_client; content:"GET"; http_method; content:"/pliotron.snp"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"87.121.105.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824699/; classtype:trojan-activity;sid:83687799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824688)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"24.79.48.21"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824688/; classtype:trojan-activity;sid:83687788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824510)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"222.132.104.176"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_24; reference:url, urlhaus.abuse.ch/url/2824510/; classtype:trojan-activity;sid:83687610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824403)"; flow:established,from_client; content:"GET"; http_method; content:"/main/qauasariscrypted.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.196.10.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824403/; classtype:trojan-activity;sid:83687503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824402)"; flow:established,from_client; content:"GET"; http_method; content:"/client/fzonsvup.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.196.10.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824402/; classtype:trojan-activity;sid:83687502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824230)"; flow:established,from_client; content:"GET"; http_method; content:"/dirtypipez"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"50.43.49.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824230/; classtype:trojan-activity;sid:83687330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824231)"; flow:established,from_client; content:"GET"; http_method; content:"/dirtypipez.c"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"50.43.49.78"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824231/; classtype:trojan-activity;sid:83687331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824199)"; flow:established,from_client; content:"GET"; http_method; content:"/dll/fghghghgfd.pdf"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"gjhfhgdg.insane.wang"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824199/; classtype:trojan-activity;sid:83687299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824200)"; flow:established,from_client; content:"GET"; http_method; content:"/client/softcore-shd-lavacrypt.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"gjhfhgdg.insane.wang"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824200/; classtype:trojan-activity;sid:83687300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824197)"; flow:established,from_client; content:"GET"; http_method; content:"/main/noncryptedmainstub.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"gjhfhgdg.insane.wang"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824197/; classtype:trojan-activity;sid:83687297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824193)"; flow:established,from_client; content:"GET"; http_method; content:"/main/qausarneedscrypted.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"gjhfhgdg.insane.wang"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824193/; classtype:trojan-activity;sid:83687293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824190)"; flow:established,from_client; content:"GET"; http_method; content:"/client/degrado-lavacrypt-dfgs.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"gjhfhgdg.insane.wang"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824190/; classtype:trojan-activity;sid:83687290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824191)"; flow:established,from_client; content:"GET"; http_method; content:"/client/krummy-lavacrypt-gfhd.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"gjhfhgdg.insane.wang"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824191/; classtype:trojan-activity;sid:83687291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824192)"; flow:established,from_client; content:"GET"; http_method; content:"/client/xx-lavacrypt-dfgs.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"gjhfhgdg.insane.wang"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824192/; classtype:trojan-activity;sid:83687292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824188)"; flow:established,from_client; content:"GET"; http_method; content:"/dll/ghghghgfg.xml"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"gjhfhgdg.insane.wang"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824188/; classtype:trojan-activity;sid:83687288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824178)"; flow:established,from_client; content:"GET"; http_method; content:"/0"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"192.253.234.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824178/; classtype:trojan-activity;sid:83687278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824177)"; flow:established,from_client; content:"GET"; http_method; content:"//47478.elf"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"192.253.234.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824177/; classtype:trojan-activity;sid:83687277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824146)"; flow:established,from_client; content:"GET"; http_method; content:"/client/softcore-shd-lavacrypt.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"185.196.10.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824146/; classtype:trojan-activity;sid:83687246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824142)"; flow:established,from_client; content:"GET"; http_method; content:"/client/krummy-lavacrypt-gfhd.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"185.196.10.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824142/; classtype:trojan-activity;sid:83687242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824143)"; flow:established,from_client; content:"GET"; http_method; content:"/dll/dffgfgfgfd.jpeg"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"185.196.10.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824143/; classtype:trojan-activity;sid:83687243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824144)"; flow:established,from_client; content:"GET"; http_method; content:"/main/qausarneedscrypted.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"185.196.10.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824144/; classtype:trojan-activity;sid:83687244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824145)"; flow:established,from_client; content:"GET"; http_method; content:"/dll/fghghghgfd.pdf"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.196.10.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824145/; classtype:trojan-activity;sid:83687245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824141)"; flow:established,from_client; content:"GET"; http_method; content:"/client/hajde-lavacrypt-dfgs.exe"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"185.196.10.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824141/; classtype:trojan-activity;sid:83687241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824140)"; flow:established,from_client; content:"GET"; http_method; content:"/dll/ghghghgfg.xml"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"185.196.10.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824140/; classtype:trojan-activity;sid:83687240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824138)"; flow:established,from_client; content:"GET"; http_method; content:"/client/xx-lavacrypt-dfgs.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.196.10.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824138/; classtype:trojan-activity;sid:83687238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824139)"; flow:established,from_client; content:"GET"; http_method; content:"/client/degrado-lavacrypt-dfgs.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"185.196.10.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824139/; classtype:trojan-activity;sid:83687239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824097)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.31.180.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824097/; classtype:trojan-activity;sid:83687197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824085)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.83.1.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824085/; classtype:trojan-activity;sid:83687185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824078)"; flow:established,from_client; content:"GET"; http_method; content:"/mazacoin/maza/releases/download/v0.16.3/maza-0.16.3-win64-setup-unsigned.exe"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824078/; classtype:trojan-activity;sid:83687178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824079)"; flow:established,from_client; content:"GET"; http_method; content:"/mazacoin/maza/releases/download/v0.16.3/maza-0.16.3-osx-unsigned.dmg"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824079/; classtype:trojan-activity;sid:83687179; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824077)"; flow:established,from_client; content:"GET"; http_method; content:"/mazacoin/maza/releases/download/v0.16.3/maza-0.16.3-win32-setup-unsigned.exe"; http_uri; depth:77; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824077/; classtype:trojan-activity;sid:83687177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2824043)"; flow:established,from_client; content:"GET"; http_method; content:"/main/noncryptedmainstub.exe"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"185.196.10.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2824043/; classtype:trojan-activity;sid:83687143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823973)"; flow:established,from_client; content:"GET"; http_method; content:"/g1/589/steamworks.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"by.haory.cn"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823973/; classtype:trojan-activity;sid:83687073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823958)"; flow:established,from_client; content:"GET"; http_method; content:"/ext/chatgpt_search.jpeg"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"5.42.66.10"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823958/; classtype:trojan-activity;sid:83687058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823848)"; flow:established,from_client; content:"GET"; http_method; content:"/wget1.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.156.79.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823848/; classtype:trojan-activity;sid:83686948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823845)"; flow:established,from_client; content:"GET"; http_method; content:"/kys.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.156.79.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823845/; classtype:trojan-activity;sid:83686945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823843)"; flow:established,from_client; content:"GET"; http_method; content:"/ipc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"94.156.79.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823843/; classtype:trojan-activity;sid:83686943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823844)"; flow:established,from_client; content:"GET"; http_method; content:"/lol"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"94.156.79.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823844/; classtype:trojan-activity;sid:83686944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823773)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.239.49.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823773/; classtype:trojan-activity;sid:83686873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823753)"; flow:established,from_client; content:"GET"; http_method; content:"/hylasmus.ocx"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"87.121.105.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823753/; classtype:trojan-activity;sid:83686853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823751)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1fwetamc8xvaea3jv16qusgx6tuli6s0w"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823751/; classtype:trojan-activity;sid:83686851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823752)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1rwrhh1uo-srar92_q8wl4e7pn2kxc1ok"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823752/; classtype:trojan-activity;sid:83686852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823733)"; flow:established,from_client; content:"GET"; http_method; content:"/ab/dhltxt.txt"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"mhsonsco.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823733/; classtype:trojan-activity;sid:83686833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823716)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/imtoken-v2.apk"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"token.im"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823716/; classtype:trojan-activity;sid:83686816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823653)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.149.139.44"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_23; reference:url, urlhaus.abuse.ch/url/2823653/; classtype:trojan-activity;sid:83686753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823503)"; flow:established,from_client; content:"GET"; http_method; content:"/client/xx-lavacrypt-dfgs.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"185.196.10.233"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823503/; classtype:trojan-activity;sid:83686603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823284)"; flow:established,from_client; content:"GET"; http_method; content:"/acestream.apk"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"sportvision.app"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823284/; classtype:trojan-activity;sid:83686384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823265)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.244.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823265/; classtype:trojan-activity;sid:83686365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823256)"; flow:established,from_client; content:"GET"; http_method; content:"/imtoken.apk"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"imtoken8.cc"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823256/; classtype:trojan-activity;sid:83686356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823150)"; flow:established,from_client; content:"GET"; http_method; content:"/y-steamworks.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"117.50.194.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823150/; classtype:trojan-activity;sid:83686250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823144)"; flow:established,from_client; content:"GET"; http_method; content:"/1/1128/steamworks.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"by.haory.cn"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823144/; classtype:trojan-activity;sid:83686244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823042)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.56.88.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823042/; classtype:trojan-activity;sid:83686142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2823034)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.56.88.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2823034/; classtype:trojan-activity;sid:83686134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822996)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.194.35.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822996/; classtype:trojan-activity;sid:83686096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822910)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"203.150.253.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822910/; classtype:trojan-activity;sid:83686010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822909)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.89.188.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822909/; classtype:trojan-activity;sid:83686009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822908)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.30.85.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822908/; classtype:trojan-activity;sid:83686008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822907)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"197.159.1.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822907/; classtype:trojan-activity;sid:83686007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822905)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.162.233.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822905/; classtype:trojan-activity;sid:83686005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822890)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.50.148.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822890/; classtype:trojan-activity;sid:83685990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822891)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.28.58.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822891/; classtype:trojan-activity;sid:83685991; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822893)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"112.120.173.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822893/; classtype:trojan-activity;sid:83685993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822894)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.136.240.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822894/; classtype:trojan-activity;sid:83685994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822895)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.252.66.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822895/; classtype:trojan-activity;sid:83685995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822899)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.18.223.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822899/; classtype:trojan-activity;sid:83685999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822902)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.38.60.246"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822902/; classtype:trojan-activity;sid:83686002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822903)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.188.48.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822903/; classtype:trojan-activity;sid:83686003; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822904)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"70.119.172.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822904/; classtype:trojan-activity;sid:83686004; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822885)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"84.242.124.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822885/; classtype:trojan-activity;sid:83685985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822886)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"213.92.222.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822886/; classtype:trojan-activity;sid:83685986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822887)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.30.245.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822887/; classtype:trojan-activity;sid:83685987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822888)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"200.69.219.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822888/; classtype:trojan-activity;sid:83685988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822889)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.244.120.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822889/; classtype:trojan-activity;sid:83685989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822881)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.154.131.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822881/; classtype:trojan-activity;sid:83685981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822882)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.141.135.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822882/; classtype:trojan-activity;sid:83685982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822879)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.53.164.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822879/; classtype:trojan-activity;sid:83685979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822880)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"79.140.156.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822880/; classtype:trojan-activity;sid:83685980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822875)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"93.116.219.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822875/; classtype:trojan-activity;sid:83685975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822876)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"41.76.195.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822876/; classtype:trojan-activity;sid:83685976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822877)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.13.221.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822877/; classtype:trojan-activity;sid:83685977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822878)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"153.19.169.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822878/; classtype:trojan-activity;sid:83685978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822864)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"141.105.87.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822864/; classtype:trojan-activity;sid:83685964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822865)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"12.148.208.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822865/; classtype:trojan-activity;sid:83685965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822866)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.254.173.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822866/; classtype:trojan-activity;sid:83685966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822867)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"217.65.15.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822867/; classtype:trojan-activity;sid:83685967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822868)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.215.163.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822868/; classtype:trojan-activity;sid:83685968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822869)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.114.137.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822869/; classtype:trojan-activity;sid:83685969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822870)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"201.184.84.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822870/; classtype:trojan-activity;sid:83685970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822872)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"141.101.226.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822872/; classtype:trojan-activity;sid:83685972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822873)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.148.20.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822873/; classtype:trojan-activity;sid:83685973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822874)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"87.120.179.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822874/; classtype:trojan-activity;sid:83685974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822850)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"76.125.13.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822850/; classtype:trojan-activity;sid:83685950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822851)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"79.127.76.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822851/; classtype:trojan-activity;sid:83685951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822852)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"175.111.182.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822852/; classtype:trojan-activity;sid:83685952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822854)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.222.134.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822854/; classtype:trojan-activity;sid:83685954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822855)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.20.63.220"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822855/; classtype:trojan-activity;sid:83685955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822858)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"79.143.174.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822858/; classtype:trojan-activity;sid:83685958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822859)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"137.119.38.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822859/; classtype:trojan-activity;sid:83685959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822860)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"77.241.113.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822860/; classtype:trojan-activity;sid:83685960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822861)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"193.189.172.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822861/; classtype:trojan-activity;sid:83685961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822862)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.128.195.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822862/; classtype:trojan-activity;sid:83685962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822863)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"41.77.74.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822863/; classtype:trojan-activity;sid:83685963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822845)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"75.183.98.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822845/; classtype:trojan-activity;sid:83685945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822846)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.67.251.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822846/; classtype:trojan-activity;sid:83685946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822847)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"84.242.139.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822847/; classtype:trojan-activity;sid:83685947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822849)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"70.166.80.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822849/; classtype:trojan-activity;sid:83685949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822839)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"163.53.205.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822839/; classtype:trojan-activity;sid:83685939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822841)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.50.7.123"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822841/; classtype:trojan-activity;sid:83685941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822838)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"84.20.234.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822838/; classtype:trojan-activity;sid:83685938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822836)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"203.188.248.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822836/; classtype:trojan-activity;sid:83685936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822835)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"213.151.92.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822835/; classtype:trojan-activity;sid:83685935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822833)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.253.241.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822833/; classtype:trojan-activity;sid:83685933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822834)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.154.187.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822834/; classtype:trojan-activity;sid:83685934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822820)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"101.161.231.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822820/; classtype:trojan-activity;sid:83685920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822821)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"31.210.217.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822821/; classtype:trojan-activity;sid:83685921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822823)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.88.180.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822823/; classtype:trojan-activity;sid:83685923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822824)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.227.118.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822824/; classtype:trojan-activity;sid:83685924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822825)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.94.245.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822825/; classtype:trojan-activity;sid:83685925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822826)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.170.168.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822826/; classtype:trojan-activity;sid:83685926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822827)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"119.18.145.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822827/; classtype:trojan-activity;sid:83685927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822828)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"122.201.25.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822828/; classtype:trojan-activity;sid:83685928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822829)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"77.87.236.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822829/; classtype:trojan-activity;sid:83685929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822830)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"167.250.193.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822830/; classtype:trojan-activity;sid:83685930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822831)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.64.23.219"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822831/; classtype:trojan-activity;sid:83685931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822832)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.57.128.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822832/; classtype:trojan-activity;sid:83685932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822808)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.254.223.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822808/; classtype:trojan-activity;sid:83685908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822810)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"5.201.184.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822810/; classtype:trojan-activity;sid:83685910; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822811)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"5.200.72.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822811/; classtype:trojan-activity;sid:83685911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822812)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.89.11.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822812/; classtype:trojan-activity;sid:83685912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822814)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.34.20.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822814/; classtype:trojan-activity;sid:83685914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822815)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"118.189.125.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822815/; classtype:trojan-activity;sid:83685915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822816)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.5.36.243"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822816/; classtype:trojan-activity;sid:83685916; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822818)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"67.78.106.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822818/; classtype:trojan-activity;sid:83685918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822819)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.170.114.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822819/; classtype:trojan-activity;sid:83685919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822801)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"146.196.97.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822801/; classtype:trojan-activity;sid:83685901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822802)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.96.214.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822802/; classtype:trojan-activity;sid:83685902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822803)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"49.249.179.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822803/; classtype:trojan-activity;sid:83685903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822804)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"117.250.206.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822804/; classtype:trojan-activity;sid:83685904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822805)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"67.174.143.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822805/; classtype:trojan-activity;sid:83685905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822795)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.235.21.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822795/; classtype:trojan-activity;sid:83685895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822797)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.131.81.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822797/; classtype:trojan-activity;sid:83685897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822799)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.133.4.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822799/; classtype:trojan-activity;sid:83685899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822800)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.69.88.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822800/; classtype:trojan-activity;sid:83685900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822794)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.72.6.218"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822794/; classtype:trojan-activity;sid:83685894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822779)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.228.223.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822779/; classtype:trojan-activity;sid:83685879; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822781)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.158.175.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822781/; classtype:trojan-activity;sid:83685881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822782)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.154.135.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822782/; classtype:trojan-activity;sid:83685882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822783)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.91.37.71"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822783/; classtype:trojan-activity;sid:83685883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822784)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.237.174.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822784/; classtype:trojan-activity;sid:83685884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822785)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"31.202.83.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822785/; classtype:trojan-activity;sid:83685885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822786)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"223.255.163.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822786/; classtype:trojan-activity;sid:83685886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822787)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"31.41.91.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822787/; classtype:trojan-activity;sid:83685887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822789)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"87.120.179.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822789/; classtype:trojan-activity;sid:83685889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822790)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.227.118.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822790/; classtype:trojan-activity;sid:83685890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822792)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.78.201.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822792/; classtype:trojan-activity;sid:83685892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822769)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"5.201.136.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822769/; classtype:trojan-activity;sid:83685869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822770)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"182.252.66.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822770/; classtype:trojan-activity;sid:83685870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822772)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.210.50.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822772/; classtype:trojan-activity;sid:83685872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822762)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"139.60.191.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822762/; classtype:trojan-activity;sid:83685862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822763)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"79.120.54.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822763/; classtype:trojan-activity;sid:83685863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822764)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.246.177.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822764/; classtype:trojan-activity;sid:83685864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822765)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"71.42.105.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822765/; classtype:trojan-activity;sid:83685865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822768)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"110.34.7.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822768/; classtype:trojan-activity;sid:83685868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822759)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"58.153.148.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822759/; classtype:trojan-activity;sid:83685859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822761)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"201.245.165.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822761/; classtype:trojan-activity;sid:83685861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822757)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.244.112.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822757/; classtype:trojan-activity;sid:83685857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822754)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"93.175.223.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822754/; classtype:trojan-activity;sid:83685854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822755)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.1.157.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822755/; classtype:trojan-activity;sid:83685855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822751)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.42.201.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822751/; classtype:trojan-activity;sid:83685851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822752)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.11.95.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822752/; classtype:trojan-activity;sid:83685852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822753)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"83.216.125.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822753/; classtype:trojan-activity;sid:83685853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822747)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"116.58.21.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822747/; classtype:trojan-activity;sid:83685847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822734)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.28.58.132"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822734/; classtype:trojan-activity;sid:83685834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822735)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.21.223.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822735/; classtype:trojan-activity;sid:83685835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822736)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.63.242.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822736/; classtype:trojan-activity;sid:83685836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822737)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"177.242.106.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822737/; classtype:trojan-activity;sid:83685837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822738)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.225.114.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822738/; classtype:trojan-activity;sid:83685838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822739)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"96.92.116.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822739/; classtype:trojan-activity;sid:83685839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822740)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"168.228.6.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822740/; classtype:trojan-activity;sid:83685840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822743)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.7.153.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822743/; classtype:trojan-activity;sid:83685843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822744)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"201.184.231.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822744/; classtype:trojan-activity;sid:83685844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822727)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"138.19.251.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822727/; classtype:trojan-activity;sid:83685827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822728)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"217.75.222.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822728/; classtype:trojan-activity;sid:83685828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822729)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"88.199.42.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822729/; classtype:trojan-activity;sid:83685829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822730)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"196.202.194.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822730/; classtype:trojan-activity;sid:83685830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822731)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.101.239.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822731/; classtype:trojan-activity;sid:83685831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822732)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"179.51.168.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822732/; classtype:trojan-activity;sid:83685832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822733)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"118.70.242.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822733/; classtype:trojan-activity;sid:83685833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822717)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"102.68.17.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822717/; classtype:trojan-activity;sid:83685817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822718)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"41.205.90.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822718/; classtype:trojan-activity;sid:83685818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822719)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"102.216.69.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822719/; classtype:trojan-activity;sid:83685819; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822721)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"82.193.120.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822721/; classtype:trojan-activity;sid:83685821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822723)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"194.208.49.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822723/; classtype:trojan-activity;sid:83685823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822724)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"118.179.121.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822724/; classtype:trojan-activity;sid:83685824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822726)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"196.41.63.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822726/; classtype:trojan-activity;sid:83685826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822714)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"168.205.53.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822714/; classtype:trojan-activity;sid:83685814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822715)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"197.159.8.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822715/; classtype:trojan-activity;sid:83685815; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822713)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.46.58.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822713/; classtype:trojan-activity;sid:83685813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822711)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.229.139.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822711/; classtype:trojan-activity;sid:83685811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822706)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.215.61.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822706/; classtype:trojan-activity;sid:83685806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822707)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.57.121.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822707/; classtype:trojan-activity;sid:83685807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822708)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.142.158.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822708/; classtype:trojan-activity;sid:83685808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822709)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"38.137.248.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822709/; classtype:trojan-activity;sid:83685809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822710)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"180.92.233.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822710/; classtype:trojan-activity;sid:83685810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822695)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"193.228.135.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822695/; classtype:trojan-activity;sid:83685795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822697)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.71.191.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822697/; classtype:trojan-activity;sid:83685797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822698)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"98.103.171.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822698/; classtype:trojan-activity;sid:83685798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822699)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.236.114.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822699/; classtype:trojan-activity;sid:83685799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822700)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"114.112.124.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822700/; classtype:trojan-activity;sid:83685800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822701)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"121.52.158.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822701/; classtype:trojan-activity;sid:83685801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822702)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.238.132.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822702/; classtype:trojan-activity;sid:83685802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822704)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.91.171.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822704/; classtype:trojan-activity;sid:83685804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822705)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.52.164.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822705/; classtype:trojan-activity;sid:83685805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822684)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.34.182.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822684/; classtype:trojan-activity;sid:83685784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822685)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.191.16.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822685/; classtype:trojan-activity;sid:83685785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822687)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.188.174.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822687/; classtype:trojan-activity;sid:83685787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822688)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.224.100.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822688/; classtype:trojan-activity;sid:83685788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822689)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.43.201.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822689/; classtype:trojan-activity;sid:83685789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822691)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.129.106.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822691/; classtype:trojan-activity;sid:83685791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822692)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.111.182.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822692/; classtype:trojan-activity;sid:83685792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822694)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"64.140.105.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822694/; classtype:trojan-activity;sid:83685794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822676)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"116.49.4.226"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822676/; classtype:trojan-activity;sid:83685776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822677)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"41.76.195.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822677/; classtype:trojan-activity;sid:83685777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822678)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"82.212.109.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822678/; classtype:trojan-activity;sid:83685778; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822679)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"82.99.5.210"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822679/; classtype:trojan-activity;sid:83685779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822682)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.115.254.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822682/; classtype:trojan-activity;sid:83685782; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822674)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"49.156.46.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822674/; classtype:trojan-activity;sid:83685774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822673)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"164.215.113.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822673/; classtype:trojan-activity;sid:83685773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822671)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"87.197.107.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822671/; classtype:trojan-activity;sid:83685771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822670)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"116.58.78.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822670/; classtype:trojan-activity;sid:83685770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822665)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"179.33.2.253"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822665/; classtype:trojan-activity;sid:83685765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822666)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.170.119.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822666/; classtype:trojan-activity;sid:83685766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822667)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"191.103.217.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822667/; classtype:trojan-activity;sid:83685767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822668)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.66.174.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822668/; classtype:trojan-activity;sid:83685768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822669)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"193.151.82.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822669/; classtype:trojan-activity;sid:83685769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822661)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"121.55.247.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822661/; classtype:trojan-activity;sid:83685761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822662)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.114.152.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822662/; classtype:trojan-activity;sid:83685762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822663)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.42.121.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822663/; classtype:trojan-activity;sid:83685763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822646)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"80.19.172.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822646/; classtype:trojan-activity;sid:83685746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822647)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.93.245.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822647/; classtype:trojan-activity;sid:83685747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822648)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"194.36.80.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822648/; classtype:trojan-activity;sid:83685748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822649)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.70.204.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822649/; classtype:trojan-activity;sid:83685749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822650)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.129.2.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822650/; classtype:trojan-activity;sid:83685750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822651)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"65.132.139.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822651/; classtype:trojan-activity;sid:83685751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822652)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"82.99.201.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822652/; classtype:trojan-activity;sid:83685752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822653)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"221.120.98.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822653/; classtype:trojan-activity;sid:83685753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822654)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.111.210.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822654/; classtype:trojan-activity;sid:83685754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822655)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.16.247.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822655/; classtype:trojan-activity;sid:83685755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822657)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.49.100.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822657/; classtype:trojan-activity;sid:83685757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822658)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.218.50.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822658/; classtype:trojan-activity;sid:83685758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822660)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"110.172.144.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822660/; classtype:trojan-activity;sid:83685760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822637)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"189.204.177.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822637/; classtype:trojan-activity;sid:83685737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822638)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.34.183.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822638/; classtype:trojan-activity;sid:83685738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822639)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"218.86.123.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822639/; classtype:trojan-activity;sid:83685739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822641)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"43.230.159.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822641/; classtype:trojan-activity;sid:83685741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822643)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"14.102.18.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822643/; classtype:trojan-activity;sid:83685743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822644)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.110.151.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822644/; classtype:trojan-activity;sid:83685744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822645)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"49.249.178.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822645/; classtype:trojan-activity;sid:83685745; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822633)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.78.118.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822633/; classtype:trojan-activity;sid:83685733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822634)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.171.30.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822634/; classtype:trojan-activity;sid:83685734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822630)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"76.125.14.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822630/; classtype:trojan-activity;sid:83685730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822631)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"93.39.116.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822631/; classtype:trojan-activity;sid:83685731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822628)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.221.136.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822628/; classtype:trojan-activity;sid:83685728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822627)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"101.255.103.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822627/; classtype:trojan-activity;sid:83685727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822618)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"200.195.160.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822618/; classtype:trojan-activity;sid:83685718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822619)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.154.93.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822619/; classtype:trojan-activity;sid:83685719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822620)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"150.129.202.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822620/; classtype:trojan-activity;sid:83685720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822621)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.89.129.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822621/; classtype:trojan-activity;sid:83685721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822622)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.25.214.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822622/; classtype:trojan-activity;sid:83685722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822623)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"110.172.144.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822623/; classtype:trojan-activity;sid:83685723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822625)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.220.87.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822625/; classtype:trojan-activity;sid:83685725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822599)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"49.249.179.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822599/; classtype:trojan-activity;sid:83685699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822600)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.236.113.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822600/; classtype:trojan-activity;sid:83685700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822601)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.94.29.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822601/; classtype:trojan-activity;sid:83685701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822603)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.113.141.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822603/; classtype:trojan-activity;sid:83685703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822604)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.156.169.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822604/; classtype:trojan-activity;sid:83685704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822606)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.216.100.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822606/; classtype:trojan-activity;sid:83685706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822607)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.49.214.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822607/; classtype:trojan-activity;sid:83685707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822608)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.42.98.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822608/; classtype:trojan-activity;sid:83685708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822609)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.159.0.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822609/; classtype:trojan-activity;sid:83685709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822611)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.34.22.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822611/; classtype:trojan-activity;sid:83685711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822612)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"63.78.214.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822612/; classtype:trojan-activity;sid:83685712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822614)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.131.240.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822614/; classtype:trojan-activity;sid:83685714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822616)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"203.109.201.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822616/; classtype:trojan-activity;sid:83685716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822590)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"84.22.48.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822590/; classtype:trojan-activity;sid:83685690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822591)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"69.71.167.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822591/; classtype:trojan-activity;sid:83685691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822592)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.211.252.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822592/; classtype:trojan-activity;sid:83685692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822593)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"92.115.150.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822593/; classtype:trojan-activity;sid:83685693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822595)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"197.210.198.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822595/; classtype:trojan-activity;sid:83685695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822596)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"64.140.99.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822596/; classtype:trojan-activity;sid:83685696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822597)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.69.89.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822597/; classtype:trojan-activity;sid:83685697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822598)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"195.98.68.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822598/; classtype:trojan-activity;sid:83685698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822575)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.4.222.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822575/; classtype:trojan-activity;sid:83685675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822577)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.92.77.11"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822577/; classtype:trojan-activity;sid:83685677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822578)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.175.134.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822578/; classtype:trojan-activity;sid:83685678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822579)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.203.92.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822579/; classtype:trojan-activity;sid:83685679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822580)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.43.59.154"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822580/; classtype:trojan-activity;sid:83685680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822581)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.171.80.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822581/; classtype:trojan-activity;sid:83685681; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822583)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.245.10.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822583/; classtype:trojan-activity;sid:83685683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822584)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"41.207.249.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822584/; classtype:trojan-activity;sid:83685684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822585)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"77.89.199.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822585/; classtype:trojan-activity;sid:83685685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822586)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"144.48.169.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822586/; classtype:trojan-activity;sid:83685686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822587)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"118.179.41.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822587/; classtype:trojan-activity;sid:83685687; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822565)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.212.51.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822565/; classtype:trojan-activity;sid:83685665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822566)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.104.195.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822566/; classtype:trojan-activity;sid:83685666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822567)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"41.190.70.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822567/; classtype:trojan-activity;sid:83685667; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822568)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.66.150.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822568/; classtype:trojan-activity;sid:83685668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822569)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"187.95.124.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822569/; classtype:trojan-activity;sid:83685669; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822570)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"213.5.19.220"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822570/; classtype:trojan-activity;sid:83685670; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822571)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.249.140.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822571/; classtype:trojan-activity;sid:83685671; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822572)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"58.115.174.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822572/; classtype:trojan-activity;sid:83685672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822573)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.128.231.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822573/; classtype:trojan-activity;sid:83685673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822574)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"147.91.249.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822574/; classtype:trojan-activity;sid:83685674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822555)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.71.46.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822555/; classtype:trojan-activity;sid:83685655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822556)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"209.42.55.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822556/; classtype:trojan-activity;sid:83685656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822557)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"124.41.225.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822557/; classtype:trojan-activity;sid:83685657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822559)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"195.9.192.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822559/; classtype:trojan-activity;sid:83685659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822560)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.192.33.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822560/; classtype:trojan-activity;sid:83685660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822561)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"107.1.208.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822561/; classtype:trojan-activity;sid:83685661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822562)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"111.70.30.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822562/; classtype:trojan-activity;sid:83685662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822563)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.176.7.134"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822563/; classtype:trojan-activity;sid:83685663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822564)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"43.249.52.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822564/; classtype:trojan-activity;sid:83685664; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822551)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"98.124.87.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822551/; classtype:trojan-activity;sid:83685651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822552)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.202.9.242"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822552/; classtype:trojan-activity;sid:83685652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822553)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.49.0.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822553/; classtype:trojan-activity;sid:83685653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822547)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"80.73.70.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822547/; classtype:trojan-activity;sid:83685647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822548)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.92.82.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822548/; classtype:trojan-activity;sid:83685648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822549)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.254.255.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822549/; classtype:trojan-activity;sid:83685649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822550)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.94.37.125"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822550/; classtype:trojan-activity;sid:83685650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822544)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.53.164.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822544/; classtype:trojan-activity;sid:83685644; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822545)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"139.255.17.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822545/; classtype:trojan-activity;sid:83685645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822546)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.69.219.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822546/; classtype:trojan-activity;sid:83685646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822536)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"193.228.134.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822536/; classtype:trojan-activity;sid:83685636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822537)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"80.255.187.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822537/; classtype:trojan-activity;sid:83685637; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822538)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"66.181.166.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822538/; classtype:trojan-activity;sid:83685638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822540)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.1.93.208"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822540/; classtype:trojan-activity;sid:83685640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822543)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.170.119.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822543/; classtype:trojan-activity;sid:83685643; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822535)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.105.226.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822535/; classtype:trojan-activity;sid:83685635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822523)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.167.25.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822523/; classtype:trojan-activity;sid:83685623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822525)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"118.232.241.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822525/; classtype:trojan-activity;sid:83685625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822526)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"90.182.214.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822526/; classtype:trojan-activity;sid:83685626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822527)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"5.102.53.75"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822527/; classtype:trojan-activity;sid:83685627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822530)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"217.64.96.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822530/; classtype:trojan-activity;sid:83685630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822531)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.16.242.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822531/; classtype:trojan-activity;sid:83685631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822532)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"64.140.100.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822532/; classtype:trojan-activity;sid:83685632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822533)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"146.120.241.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822533/; classtype:trojan-activity;sid:83685633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822518)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.124.33.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822518/; classtype:trojan-activity;sid:83685618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822521)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"14.102.18.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822521/; classtype:trojan-activity;sid:83685621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822522)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.140.32.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822522/; classtype:trojan-activity;sid:83685622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822512)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"176.12.6.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822512/; classtype:trojan-activity;sid:83685612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822513)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.182.90.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822513/; classtype:trojan-activity;sid:83685613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822515)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.248.145.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822515/; classtype:trojan-activity;sid:83685615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822516)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"77.239.22.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822516/; classtype:trojan-activity;sid:83685616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822517)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"195.66.105.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822517/; classtype:trojan-activity;sid:83685617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822511)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"200.116.1.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822511/; classtype:trojan-activity;sid:83685611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822506)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.232.188.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822506/; classtype:trojan-activity;sid:83685606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822507)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.141.122.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822507/; classtype:trojan-activity;sid:83685607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822509)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.16.45.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822509/; classtype:trojan-activity;sid:83685609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822510)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.67.251.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822510/; classtype:trojan-activity;sid:83685610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822501)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"193.189.188.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822501/; classtype:trojan-activity;sid:83685601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822502)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.133.58.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822502/; classtype:trojan-activity;sid:83685602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822504)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.205.37.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822504/; classtype:trojan-activity;sid:83685604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822505)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.219.119.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822505/; classtype:trojan-activity;sid:83685605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822498)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"88.80.242.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822498/; classtype:trojan-activity;sid:83685598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822500)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.235.185.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822500/; classtype:trojan-activity;sid:83685600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822495)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.28.123.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822495/; classtype:trojan-activity;sid:83685595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822496)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.33.114.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822496/; classtype:trojan-activity;sid:83685596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822497)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"213.184.249.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822497/; classtype:trojan-activity;sid:83685597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822493)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"41.84.131.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822493/; classtype:trojan-activity;sid:83685593; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822494)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.253.154.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822494/; classtype:trojan-activity;sid:83685594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822490)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.211.153.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822490/; classtype:trojan-activity;sid:83685590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822491)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"182.176.138.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822491/; classtype:trojan-activity;sid:83685591; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822492)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"116.58.127.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822492/; classtype:trojan-activity;sid:83685592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822487)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.49.124.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822487/; classtype:trojan-activity;sid:83685587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822488)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.187.82.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822488/; classtype:trojan-activity;sid:83685588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822489)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.16.252.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822489/; classtype:trojan-activity;sid:83685589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822478)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.200.106.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822478/; classtype:trojan-activity;sid:83685578; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822481)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.224.243.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822481/; classtype:trojan-activity;sid:83685581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822482)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.216.28.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822482/; classtype:trojan-activity;sid:83685582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822484)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"82.99.230.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822484/; classtype:trojan-activity;sid:83685584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822485)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.134.42.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822485/; classtype:trojan-activity;sid:83685585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822466)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"5.160.3.5"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822466/; classtype:trojan-activity;sid:83685566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822468)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.91.144.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822468/; classtype:trojan-activity;sid:83685568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822469)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.79.114.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822469/; classtype:trojan-activity;sid:83685569; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822470)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.130.41.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822470/; classtype:trojan-activity;sid:83685570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822472)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"86.63.108.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822472/; classtype:trojan-activity;sid:83685572; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822473)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"42.98.254.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822473/; classtype:trojan-activity;sid:83685573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822474)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.4.110.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822474/; classtype:trojan-activity;sid:83685574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822475)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"118.71.250.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822475/; classtype:trojan-activity;sid:83685575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822476)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.115.114.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822476/; classtype:trojan-activity;sid:83685576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822477)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.5.50.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822477/; classtype:trojan-activity;sid:83685577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822460)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.69.79.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822460/; classtype:trojan-activity;sid:83685560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822462)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"200.61.163.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822462/; classtype:trojan-activity;sid:83685562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822464)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.112.153.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822464/; classtype:trojan-activity;sid:83685564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822455)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.130.70.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822455/; classtype:trojan-activity;sid:83685555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822456)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.167.196.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822456/; classtype:trojan-activity;sid:83685556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822453)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"176.106.27.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822453/; classtype:trojan-activity;sid:83685553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822454)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"67.78.106.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822454/; classtype:trojan-activity;sid:83685554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822448)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.40.54.142"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822448/; classtype:trojan-activity;sid:83685548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822435)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.222.45.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822435/; classtype:trojan-activity;sid:83685535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822436)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"90.182.214.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822436/; classtype:trojan-activity;sid:83685536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822437)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.218.249.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822437/; classtype:trojan-activity;sid:83685537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822439)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"82.114.109.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822439/; classtype:trojan-activity;sid:83685539; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822441)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.90.207.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822441/; classtype:trojan-activity;sid:83685541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822442)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"71.83.248.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822442/; classtype:trojan-activity;sid:83685542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822443)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"151.237.4.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822443/; classtype:trojan-activity;sid:83685543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822444)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"88.199.42.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822444/; classtype:trojan-activity;sid:83685544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822445)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.93.177.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822445/; classtype:trojan-activity;sid:83685545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822446)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"43.230.159.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822446/; classtype:trojan-activity;sid:83685546; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822447)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.95.35.49"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822447/; classtype:trojan-activity;sid:83685547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822424)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.193.97.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822424/; classtype:trojan-activity;sid:83685524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822429)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.92.94.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822429/; classtype:trojan-activity;sid:83685529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822430)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.170.112.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822430/; classtype:trojan-activity;sid:83685530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822431)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"88.18.197.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822431/; classtype:trojan-activity;sid:83685531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822432)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.71.69.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822432/; classtype:trojan-activity;sid:83685532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822433)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"41.211.107.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822433/; classtype:trojan-activity;sid:83685533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822434)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"86.60.215.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822434/; classtype:trojan-activity;sid:83685534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822416)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"213.6.74.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822416/; classtype:trojan-activity;sid:83685516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822417)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"119.15.92.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822417/; classtype:trojan-activity;sid:83685517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822418)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.92.98.94"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822418/; classtype:trojan-activity;sid:83685518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822419)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.68.50.158"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822419/; classtype:trojan-activity;sid:83685519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822420)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"143.208.36.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822420/; classtype:trojan-activity;sid:83685520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822421)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.43.34.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822421/; classtype:trojan-activity;sid:83685521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822423)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.54.15.36"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822423/; classtype:trojan-activity;sid:83685523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822411)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"79.111.14.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822411/; classtype:trojan-activity;sid:83685511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822414)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.7.158.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822414/; classtype:trojan-activity;sid:83685514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822415)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"82.193.118.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822415/; classtype:trojan-activity;sid:83685515; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822409)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.140.176.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822409/; classtype:trojan-activity;sid:83685509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822406)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.10.211.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822406/; classtype:trojan-activity;sid:83685506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822407)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"193.106.58.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822407/; classtype:trojan-activity;sid:83685507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822408)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.183.45.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822408/; classtype:trojan-activity;sid:83685508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822398)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.77.128.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822398/; classtype:trojan-activity;sid:83685498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822399)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"216.155.93.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822399/; classtype:trojan-activity;sid:83685499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822401)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"93.189.222.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822401/; classtype:trojan-activity;sid:83685501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822403)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"77.120.245.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822403/; classtype:trojan-activity;sid:83685503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822404)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.91.171.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822404/; classtype:trojan-activity;sid:83685504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822405)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.157.212.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822405/; classtype:trojan-activity;sid:83685505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822386)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.148.18.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822386/; classtype:trojan-activity;sid:83685486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822387)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.93.53.193"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822387/; classtype:trojan-activity;sid:83685487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822388)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.252.69.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822388/; classtype:trojan-activity;sid:83685488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822389)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.7.27.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822389/; classtype:trojan-activity;sid:83685489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822390)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.170.119.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822390/; classtype:trojan-activity;sid:83685490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822391)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"176.62.237.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822391/; classtype:trojan-activity;sid:83685491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822393)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"176.122.28.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822393/; classtype:trojan-activity;sid:83685493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822394)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.89.178.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822394/; classtype:trojan-activity;sid:83685494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822395)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"47.50.169.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822395/; classtype:trojan-activity;sid:83685495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822377)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.101.81.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822377/; classtype:trojan-activity;sid:83685477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822378)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"158.181.34.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822378/; classtype:trojan-activity;sid:83685478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822379)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.14.11.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822379/; classtype:trojan-activity;sid:83685479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822380)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.66.174.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822380/; classtype:trojan-activity;sid:83685480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822381)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.70.125.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822381/; classtype:trojan-activity;sid:83685481; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822382)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.217.148.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822382/; classtype:trojan-activity;sid:83685482; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822383)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"119.40.91.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822383/; classtype:trojan-activity;sid:83685483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822384)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.113.124.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822384/; classtype:trojan-activity;sid:83685484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822385)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"82.114.200.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822385/; classtype:trojan-activity;sid:83685485; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822370)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"176.226.157.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822370/; classtype:trojan-activity;sid:83685470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822371)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.108.84.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822371/; classtype:trojan-activity;sid:83685471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822372)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"154.84.212.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822372/; classtype:trojan-activity;sid:83685472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822374)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"64.140.100.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822374/; classtype:trojan-activity;sid:83685474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822375)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"213.250.202.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822375/; classtype:trojan-activity;sid:83685475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822376)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"213.147.120.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822376/; classtype:trojan-activity;sid:83685476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822369)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"119.252.167.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822369/; classtype:trojan-activity;sid:83685469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822367)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.88.244.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822367/; classtype:trojan-activity;sid:83685467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822356)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.143.133.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822356/; classtype:trojan-activity;sid:83685456; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822358)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.190.76.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822358/; classtype:trojan-activity;sid:83685458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822359)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"195.162.70.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822359/; classtype:trojan-activity;sid:83685459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822360)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.161.230.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822360/; classtype:trojan-activity;sid:83685460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822361)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"66.198.199.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822361/; classtype:trojan-activity;sid:83685461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822362)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.64.219.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822362/; classtype:trojan-activity;sid:83685462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822363)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.176.113.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822363/; classtype:trojan-activity;sid:83685463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822364)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"195.211.197.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822364/; classtype:trojan-activity;sid:83685464; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822350)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"41.111.213.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822350/; classtype:trojan-activity;sid:83685450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822352)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"104.192.201.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822352/; classtype:trojan-activity;sid:83685452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822353)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.29.14.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822353/; classtype:trojan-activity;sid:83685453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822354)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.99.218.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822354/; classtype:trojan-activity;sid:83685454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822355)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"118.127.105.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822355/; classtype:trojan-activity;sid:83685455; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822343)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.58.145.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822343/; classtype:trojan-activity;sid:83685443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822347)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"210.56.21.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822347/; classtype:trojan-activity;sid:83685447; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822348)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"193.68.79.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822348/; classtype:trojan-activity;sid:83685448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822349)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.2.213.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822349/; classtype:trojan-activity;sid:83685449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822336)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"41.79.233.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822336/; classtype:trojan-activity;sid:83685436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822338)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"175.111.182.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822338/; classtype:trojan-activity;sid:83685438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822339)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.57.219.149"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822339/; classtype:trojan-activity;sid:83685439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822340)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"203.115.107.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822340/; classtype:trojan-activity;sid:83685440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822341)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"117.239.218.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822341/; classtype:trojan-activity;sid:83685441; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822342)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.111.116.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822342/; classtype:trojan-activity;sid:83685442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822331)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"131.108.39.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822331/; classtype:trojan-activity;sid:83685431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822332)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.29.162.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822332/; classtype:trojan-activity;sid:83685432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822333)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"193.193.70.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822333/; classtype:trojan-activity;sid:83685433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822335)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"200.123.142.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822335/; classtype:trojan-activity;sid:83685435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822328)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.148.18.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822328/; classtype:trojan-activity;sid:83685428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822329)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.193.88.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822329/; classtype:trojan-activity;sid:83685429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822330)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.161.217.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822330/; classtype:trojan-activity;sid:83685430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822324)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.64.198.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822324/; classtype:trojan-activity;sid:83685424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822325)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.193.62.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822325/; classtype:trojan-activity;sid:83685425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822318)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"66.198.193.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822318/; classtype:trojan-activity;sid:83685418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822320)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"108.162.187.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822320/; classtype:trojan-activity;sid:83685420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822321)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"79.175.42.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822321/; classtype:trojan-activity;sid:83685421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822323)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.240.37.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822323/; classtype:trojan-activity;sid:83685423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822315)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.115.232.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822315/; classtype:trojan-activity;sid:83685415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822317)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"14.102.18.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822317/; classtype:trojan-activity;sid:83685417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822311)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.158.68.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822311/; classtype:trojan-activity;sid:83685411; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822312)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"93.118.104.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822312/; classtype:trojan-activity;sid:83685412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822303)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"146.66.164.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822303/; classtype:trojan-activity;sid:83685403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822304)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"31.28.11.111"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822304/; classtype:trojan-activity;sid:83685404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822306)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.181.44.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822306/; classtype:trojan-activity;sid:83685406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822296)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.97.202.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822296/; classtype:trojan-activity;sid:83685396; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822298)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"66.18.162.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822298/; classtype:trojan-activity;sid:83685398; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822299)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.139.121.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822299/; classtype:trojan-activity;sid:83685399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822300)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"177.52.48.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822300/; classtype:trojan-activity;sid:83685400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822301)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"189.76.80.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822301/; classtype:trojan-activity;sid:83685401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822302)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"77.73.49.254"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822302/; classtype:trojan-activity;sid:83685402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822288)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.29.19.18"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822288/; classtype:trojan-activity;sid:83685388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822289)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.209.164.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822289/; classtype:trojan-activity;sid:83685389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822290)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.185.49.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822290/; classtype:trojan-activity;sid:83685390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822291)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.239.120.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822291/; classtype:trojan-activity;sid:83685391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822293)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.63.213.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822293/; classtype:trojan-activity;sid:83685393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822294)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"75.136.50.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822294/; classtype:trojan-activity;sid:83685394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822295)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.0.131.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822295/; classtype:trojan-activity;sid:83685395; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822282)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.197.209.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822282/; classtype:trojan-activity;sid:83685382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822283)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"31.207.203.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822283/; classtype:trojan-activity;sid:83685383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822284)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"173.235.65.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822284/; classtype:trojan-activity;sid:83685384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822286)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.237.250.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822286/; classtype:trojan-activity;sid:83685386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822274)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"31.43.16.120"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822274/; classtype:trojan-activity;sid:83685374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822275)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.131.244.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822275/; classtype:trojan-activity;sid:83685375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822276)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.205.35.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822276/; classtype:trojan-activity;sid:83685376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822277)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"201.234.151.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822277/; classtype:trojan-activity;sid:83685377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822279)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.92.81.219"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822279/; classtype:trojan-activity;sid:83685379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822280)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.64.210.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822280/; classtype:trojan-activity;sid:83685380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822281)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.202.63.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822281/; classtype:trojan-activity;sid:83685381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822273)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.66.174.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822273/; classtype:trojan-activity;sid:83685373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822272)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"117.120.28.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822272/; classtype:trojan-activity;sid:83685372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822266)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"154.117.133.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822266/; classtype:trojan-activity;sid:83685366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822267)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"120.31.135.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822267/; classtype:trojan-activity;sid:83685367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822268)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.122.96.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822268/; classtype:trojan-activity;sid:83685368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822269)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.70.147.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822269/; classtype:trojan-activity;sid:83685369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822263)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.228.64.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822263/; classtype:trojan-activity;sid:83685363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822264)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"197.214.112.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822264/; classtype:trojan-activity;sid:83685364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822265)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.199.144.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822265/; classtype:trojan-activity;sid:83685365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822254)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"5.102.53.85"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822254/; classtype:trojan-activity;sid:83685354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822255)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.159.74.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822255/; classtype:trojan-activity;sid:83685355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822256)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"80.191.143.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822256/; classtype:trojan-activity;sid:83685356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822257)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.57.135.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822257/; classtype:trojan-activity;sid:83685357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822258)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.237.174.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822258/; classtype:trojan-activity;sid:83685358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822259)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.90.207.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822259/; classtype:trojan-activity;sid:83685359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822260)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.205.35.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822260/; classtype:trojan-activity;sid:83685360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822247)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"23.236.6.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822247/; classtype:trojan-activity;sid:83685347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822248)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"92.50.146.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822248/; classtype:trojan-activity;sid:83685348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822249)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"41.215.23.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822249/; classtype:trojan-activity;sid:83685349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822250)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.117.210.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822250/; classtype:trojan-activity;sid:83685350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822252)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.123.37.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822252/; classtype:trojan-activity;sid:83685352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822253)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.83.245.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822253/; classtype:trojan-activity;sid:83685353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822238)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.229.92.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822238/; classtype:trojan-activity;sid:83685338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822239)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.193.97.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822239/; classtype:trojan-activity;sid:83685339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822240)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.28.58.97"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822240/; classtype:trojan-activity;sid:83685340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822241)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"5.102.53.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822241/; classtype:trojan-activity;sid:83685341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822242)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"102.218.172.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822242/; classtype:trojan-activity;sid:83685342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822243)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"93.177.251.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822243/; classtype:trojan-activity;sid:83685343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822244)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"114.7.160.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822244/; classtype:trojan-activity;sid:83685344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822246)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.224.5.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822246/; classtype:trojan-activity;sid:83685346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822236)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"195.24.131.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822236/; classtype:trojan-activity;sid:83685336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822237)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"203.202.245.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822237/; classtype:trojan-activity;sid:83685337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822232)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"38.137.250.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822232/; classtype:trojan-activity;sid:83685332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822234)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"82.193.118.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822234/; classtype:trojan-activity;sid:83685334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822225)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.246.214.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822225/; classtype:trojan-activity;sid:83685325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822226)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.189.199.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822226/; classtype:trojan-activity;sid:83685326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822229)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"208.89.168.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822229/; classtype:trojan-activity;sid:83685329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822230)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.16.254.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822230/; classtype:trojan-activity;sid:83685330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822231)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.46.57.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822231/; classtype:trojan-activity;sid:83685331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822216)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.229.82.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822216/; classtype:trojan-activity;sid:83685316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822217)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"194.36.80.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822217/; classtype:trojan-activity;sid:83685317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822218)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.214.31.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822218/; classtype:trojan-activity;sid:83685318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822219)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"124.153.22.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822219/; classtype:trojan-activity;sid:83685319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822220)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"177.52.67.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822220/; classtype:trojan-activity;sid:83685320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822221)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"79.165.192.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822221/; classtype:trojan-activity;sid:83685321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822222)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"77.70.115.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822222/; classtype:trojan-activity;sid:83685322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822223)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"165.165.183.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822223/; classtype:trojan-activity;sid:83685323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822224)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"24.202.206.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822224/; classtype:trojan-activity;sid:83685324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822210)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.5.52.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822210/; classtype:trojan-activity;sid:83685310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822211)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"182.93.83.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822211/; classtype:trojan-activity;sid:83685311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822212)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.17.61.236"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822212/; classtype:trojan-activity;sid:83685312; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822213)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"102.141.29.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822213/; classtype:trojan-activity;sid:83685313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822214)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.217.148.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822214/; classtype:trojan-activity;sid:83685314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822215)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.237.112.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822215/; classtype:trojan-activity;sid:83685315; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822205)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"203.188.254.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822205/; classtype:trojan-activity;sid:83685305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822206)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.34.152.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822206/; classtype:trojan-activity;sid:83685306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822207)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.244.169.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822207/; classtype:trojan-activity;sid:83685307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822196)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"119.40.84.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822196/; classtype:trojan-activity;sid:83685296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822197)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"31.186.54.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822197/; classtype:trojan-activity;sid:83685297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822198)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.163.57.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822198/; classtype:trojan-activity;sid:83685298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822199)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"84.52.94.215"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822199/; classtype:trojan-activity;sid:83685299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822200)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.211.154.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822200/; classtype:trojan-activity;sid:83685300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822193)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"217.199.123.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822193/; classtype:trojan-activity;sid:83685293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822194)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"113.254.192.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822194/; classtype:trojan-activity;sid:83685294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822192)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"200.255.164.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822192/; classtype:trojan-activity;sid:83685292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822191)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"177.84.237.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822191/; classtype:trojan-activity;sid:83685291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822185)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.107.231.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822185/; classtype:trojan-activity;sid:83685285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822186)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.66.168.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822186/; classtype:trojan-activity;sid:83685286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822189)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"58.145.168.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822189/; classtype:trojan-activity;sid:83685289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822190)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.162.113.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822190/; classtype:trojan-activity;sid:83685290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822182)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"80.91.125.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822182/; classtype:trojan-activity;sid:83685282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822184)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"194.187.151.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822184/; classtype:trojan-activity;sid:83685284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822173)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.16.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822173/; classtype:trojan-activity;sid:83685273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822174)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.177.98.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822174/; classtype:trojan-activity;sid:83685274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822176)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"125.237.197.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822176/; classtype:trojan-activity;sid:83685276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822178)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"182.253.60.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822178/; classtype:trojan-activity;sid:83685278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822181)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"92.241.19.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822181/; classtype:trojan-activity;sid:83685281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822160)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.64.4.199"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822160/; classtype:trojan-activity;sid:83685260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822161)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.159.4.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822161/; classtype:trojan-activity;sid:83685261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822162)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.62.233.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822162/; classtype:trojan-activity;sid:83685262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822165)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"211.186.82.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822165/; classtype:trojan-activity;sid:83685265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822166)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.136.151.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822166/; classtype:trojan-activity;sid:83685266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822167)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.173.173.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822167/; classtype:trojan-activity;sid:83685267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822168)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.190.20.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822168/; classtype:trojan-activity;sid:83685268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822169)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"195.34.91.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822169/; classtype:trojan-activity;sid:83685269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822170)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.93.219.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822170/; classtype:trojan-activity;sid:83685270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822157)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.170.222.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822157/; classtype:trojan-activity;sid:83685257; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822158)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.15.62.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822158/; classtype:trojan-activity;sid:83685258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822159)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"177.66.105.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822159/; classtype:trojan-activity;sid:83685259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822153)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.52.86.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822153/; classtype:trojan-activity;sid:83685253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822155)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.18.223.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822155/; classtype:trojan-activity;sid:83685255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822156)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.91.186.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822156/; classtype:trojan-activity;sid:83685256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822147)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.142.73.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822147/; classtype:trojan-activity;sid:83685247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822148)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.129.195.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822148/; classtype:trojan-activity;sid:83685248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822149)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.129.2.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822149/; classtype:trojan-activity;sid:83685249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822150)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.246.165.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822150/; classtype:trojan-activity;sid:83685250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822142)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.44.110.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822142/; classtype:trojan-activity;sid:83685242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822144)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"102.0.4.86"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822144/; classtype:trojan-activity;sid:83685244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822145)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"41.215.69.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822145/; classtype:trojan-activity;sid:83685245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822140)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.211.8.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822140/; classtype:trojan-activity;sid:83685240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822141)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"102.141.234.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822141/; classtype:trojan-activity;sid:83685241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822138)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.191.123.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822138/; classtype:trojan-activity;sid:83685238; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822129)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"150.107.205.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822129/; classtype:trojan-activity;sid:83685229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822130)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.21.132.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822130/; classtype:trojan-activity;sid:83685230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822131)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.162.141.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822131/; classtype:trojan-activity;sid:83685231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822132)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"150.129.202.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822132/; classtype:trojan-activity;sid:83685232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822133)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.154.84.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822133/; classtype:trojan-activity;sid:83685233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822134)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.89.240.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822134/; classtype:trojan-activity;sid:83685234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822135)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"179.43.98.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822135/; classtype:trojan-activity;sid:83685235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822137)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"41.174.152.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822137/; classtype:trojan-activity;sid:83685237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822125)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"203.17.23.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822125/; classtype:trojan-activity;sid:83685225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822126)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"200.105.205.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822126/; classtype:trojan-activity;sid:83685226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822127)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"121.200.63.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822127/; classtype:trojan-activity;sid:83685227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822116)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.115.254.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822116/; classtype:trojan-activity;sid:83685216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822117)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"114.7.20.38"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822117/; classtype:trojan-activity;sid:83685217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822118)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"213.91.150.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822118/; classtype:trojan-activity;sid:83685218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822119)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"213.226.199.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822119/; classtype:trojan-activity;sid:83685219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822120)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"101.255.103.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822120/; classtype:trojan-activity;sid:83685220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822121)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.16.247.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822121/; classtype:trojan-activity;sid:83685221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822123)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.92.143.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822123/; classtype:trojan-activity;sid:83685223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822108)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.18.28.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822108/; classtype:trojan-activity;sid:83685208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822109)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"201.234.253.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822109/; classtype:trojan-activity;sid:83685209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822111)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.204.218.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822111/; classtype:trojan-activity;sid:83685211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822113)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.199.179.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822113/; classtype:trojan-activity;sid:83685213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822114)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"86.101.187.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822114/; classtype:trojan-activity;sid:83685214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822099)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.203.247.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822099/; classtype:trojan-activity;sid:83685199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822100)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"83.147.93.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822100/; classtype:trojan-activity;sid:83685200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822101)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"176.65.35.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822101/; classtype:trojan-activity;sid:83685201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822102)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"138.122.43.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822102/; classtype:trojan-activity;sid:83685202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822106)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.174.99.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822106/; classtype:trojan-activity;sid:83685206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822107)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"92.241.77.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822107/; classtype:trojan-activity;sid:83685207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822098)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"5.10.183.36"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822098/; classtype:trojan-activity;sid:83685198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822097)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"115.127.49.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822097/; classtype:trojan-activity;sid:83685197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822094)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.158.238.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822094/; classtype:trojan-activity;sid:83685194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822096)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.28.58.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822096/; classtype:trojan-activity;sid:83685196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822083)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"195.162.70.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822083/; classtype:trojan-activity;sid:83685183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822084)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.20.51.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822084/; classtype:trojan-activity;sid:83685184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822085)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"174.7.42.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822085/; classtype:trojan-activity;sid:83685185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822086)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.118.45.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822086/; classtype:trojan-activity;sid:83685186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822088)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.122.210.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822088/; classtype:trojan-activity;sid:83685188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822090)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.148.112.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822090/; classtype:trojan-activity;sid:83685190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822092)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.70.204.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822092/; classtype:trojan-activity;sid:83685192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822093)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"64.89.206.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822093/; classtype:trojan-activity;sid:83685193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822073)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.121.161.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822073/; classtype:trojan-activity;sid:83685173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822074)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"121.52.72.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822074/; classtype:trojan-activity;sid:83685174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822075)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.180.176.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822075/; classtype:trojan-activity;sid:83685175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822076)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.115.254.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822076/; classtype:trojan-activity;sid:83685176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822077)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.4.44.202"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822077/; classtype:trojan-activity;sid:83685177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822080)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.199.144.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822080/; classtype:trojan-activity;sid:83685180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822081)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.205.74.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822081/; classtype:trojan-activity;sid:83685181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822065)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.29.147.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822065/; classtype:trojan-activity;sid:83685165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822066)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.173.163.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822066/; classtype:trojan-activity;sid:83685166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822067)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"41.203.218.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822067/; classtype:trojan-activity;sid:83685167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822068)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.97.143.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822068/; classtype:trojan-activity;sid:83685168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822070)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.26.180.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822070/; classtype:trojan-activity;sid:83685170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822072)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"174.78.254.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822072/; classtype:trojan-activity;sid:83685172; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822061)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.65.50.236"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822061/; classtype:trojan-activity;sid:83685161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822062)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"93.153.126.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822062/; classtype:trojan-activity;sid:83685162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822063)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.221.254.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822063/; classtype:trojan-activity;sid:83685163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822058)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.137.36.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822058/; classtype:trojan-activity;sid:83685158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822059)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.13.143.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822059/; classtype:trojan-activity;sid:83685159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822060)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"217.171.55.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822060/; classtype:trojan-activity;sid:83685160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822054)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"154.0.129.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822054/; classtype:trojan-activity;sid:83685154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822056)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"58.152.168.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822056/; classtype:trojan-activity;sid:83685156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822048)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.73.121.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822048/; classtype:trojan-activity;sid:83685148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822049)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"182.93.84.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822049/; classtype:trojan-activity;sid:83685149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822050)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.164.18.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822050/; classtype:trojan-activity;sid:83685150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822052)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.69.88.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822052/; classtype:trojan-activity;sid:83685152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822053)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.140.36.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822053/; classtype:trojan-activity;sid:83685153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822042)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.170.113.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822042/; classtype:trojan-activity;sid:83685142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822043)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.108.154.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822043/; classtype:trojan-activity;sid:83685143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822044)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"43.224.0.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822044/; classtype:trojan-activity;sid:83685144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822047)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"124.29.249.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822047/; classtype:trojan-activity;sid:83685147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822029)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.4.117.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822029/; classtype:trojan-activity;sid:83685129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822031)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"87.120.179.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822031/; classtype:trojan-activity;sid:83685131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822032)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.115.254.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822032/; classtype:trojan-activity;sid:83685132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822034)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"177.220.157.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822034/; classtype:trojan-activity;sid:83685134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822035)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"195.208.145.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822035/; classtype:trojan-activity;sid:83685135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822036)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"84.54.179.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822036/; classtype:trojan-activity;sid:83685136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822037)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.12.60.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822037/; classtype:trojan-activity;sid:83685137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822038)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"79.165.21.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822038/; classtype:trojan-activity;sid:83685138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822039)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.48.119.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822039/; classtype:trojan-activity;sid:83685139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822041)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"203.115.103.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822041/; classtype:trojan-activity;sid:83685141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822020)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"176.98.13.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822020/; classtype:trojan-activity;sid:83685120; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822021)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"64.64.152.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822021/; classtype:trojan-activity;sid:83685121; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822022)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.186.22.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822022/; classtype:trojan-activity;sid:83685122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822023)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"41.84.143.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822023/; classtype:trojan-activity;sid:83685123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822024)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.4.147.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822024/; classtype:trojan-activity;sid:83685124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822025)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"216.188.216.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822025/; classtype:trojan-activity;sid:83685125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822026)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"187.33.225.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822026/; classtype:trojan-activity;sid:83685126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822027)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"176.100.241.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822027/; classtype:trojan-activity;sid:83685127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822028)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"93.100.78.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822028/; classtype:trojan-activity;sid:83685128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822016)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"115.127.8.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822016/; classtype:trojan-activity;sid:83685116; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822017)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.194.25.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822017/; classtype:trojan-activity;sid:83685117; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822018)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"176.192.78.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822018/; classtype:trojan-activity;sid:83685118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822019)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.73.244.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822019/; classtype:trojan-activity;sid:83685119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822013)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"69.70.215.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822013/; classtype:trojan-activity;sid:83685113; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822014)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"88.119.95.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822014/; classtype:trojan-activity;sid:83685114; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822010)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.213.157.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822010/; classtype:trojan-activity;sid:83685110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822011)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.237.157.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822011/; classtype:trojan-activity;sid:83685111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822007)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"200.122.211.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822007/; classtype:trojan-activity;sid:83685107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822008)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.205.131.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822008/; classtype:trojan-activity;sid:83685108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822009)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.95.48.45"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822009/; classtype:trojan-activity;sid:83685109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821996)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"43.230.158.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821996/; classtype:trojan-activity;sid:83685096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821998)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.29.162.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821998/; classtype:trojan-activity;sid:83685098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822000)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.66.174.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822000/; classtype:trojan-activity;sid:83685100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822002)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"31.179.233.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822002/; classtype:trojan-activity;sid:83685102; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822003)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"86.38.171.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822003/; classtype:trojan-activity;sid:83685103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822004)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"94.251.5.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822004/; classtype:trojan-activity;sid:83685104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822005)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"203.223.44.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822005/; classtype:trojan-activity;sid:83685105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2822006)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"77.89.245.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2822006/; classtype:trojan-activity;sid:83685106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821992)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"49.249.179.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821992/; classtype:trojan-activity;sid:83685092; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821994)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.15.233.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821994/; classtype:trojan-activity;sid:83685094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821995)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.196.180.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821995/; classtype:trojan-activity;sid:83685095; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821981)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"116.58.83.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821981/; classtype:trojan-activity;sid:83685081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821982)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"134.249.186.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821982/; classtype:trojan-activity;sid:83685082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821983)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.242.106.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821983/; classtype:trojan-activity;sid:83685083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821984)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.109.168.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821984/; classtype:trojan-activity;sid:83685084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821985)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.17.36.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821985/; classtype:trojan-activity;sid:83685085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821986)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.66.171.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821986/; classtype:trojan-activity;sid:83685086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821987)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"87.120.179.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821987/; classtype:trojan-activity;sid:83685087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821988)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.76.80.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821988/; classtype:trojan-activity;sid:83685088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821989)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.204.141.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821989/; classtype:trojan-activity;sid:83685089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821990)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"80.191.218.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821990/; classtype:trojan-activity;sid:83685090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821973)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.237.242.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821973/; classtype:trojan-activity;sid:83685073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821975)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"111.70.30.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821975/; classtype:trojan-activity;sid:83685075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821976)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.188.30.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821976/; classtype:trojan-activity;sid:83685076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821977)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.92.68.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821977/; classtype:trojan-activity;sid:83685077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821980)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.32.86.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821980/; classtype:trojan-activity;sid:83685080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821971)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"197.248.41.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821971/; classtype:trojan-activity;sid:83685071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821966)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"195.189.218.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821966/; classtype:trojan-activity;sid:83685066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821968)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.93.92.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821968/; classtype:trojan-activity;sid:83685068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821969)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.34.22.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821969/; classtype:trojan-activity;sid:83685069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821970)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.16.247.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821970/; classtype:trojan-activity;sid:83685070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821961)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.92.93.101"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821961/; classtype:trojan-activity;sid:83685061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821963)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.204.154.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821963/; classtype:trojan-activity;sid:83685063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821964)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"193.77.150.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821964/; classtype:trojan-activity;sid:83685064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821958)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"197.254.23.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821958/; classtype:trojan-activity;sid:83685058; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821959)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.151.56.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821959/; classtype:trojan-activity;sid:83685059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821960)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.133.95.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821960/; classtype:trojan-activity;sid:83685060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821957)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.0.69.42"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821957/; classtype:trojan-activity;sid:83685057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821950)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"81.4.143.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821950/; classtype:trojan-activity;sid:83685050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821952)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.139.153.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821952/; classtype:trojan-activity;sid:83685052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821953)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.66.231.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821953/; classtype:trojan-activity;sid:83685053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821954)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"189.71.131.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821954/; classtype:trojan-activity;sid:83685054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821941)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.56.164.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821941/; classtype:trojan-activity;sid:83685041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821942)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"76.76.195.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821942/; classtype:trojan-activity;sid:83685042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821943)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.52.34.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821943/; classtype:trojan-activity;sid:83685043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821944)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.34.177.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821944/; classtype:trojan-activity;sid:83685044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821945)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"191.103.250.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821945/; classtype:trojan-activity;sid:83685045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821946)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.212.237.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821946/; classtype:trojan-activity;sid:83685046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821947)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"182.23.24.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821947/; classtype:trojan-activity;sid:83685047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821948)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.11.95.13"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821948/; classtype:trojan-activity;sid:83685048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821949)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"154.0.129.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821949/; classtype:trojan-activity;sid:83685049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821928)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.88.109.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821928/; classtype:trojan-activity;sid:83685028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821929)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.30.234.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821929/; classtype:trojan-activity;sid:83685029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821930)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"223.16.143.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821930/; classtype:trojan-activity;sid:83685030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821931)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.2.23.244"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821931/; classtype:trojan-activity;sid:83685031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821932)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"200.105.249.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821932/; classtype:trojan-activity;sid:83685032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821934)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.53.164.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821934/; classtype:trojan-activity;sid:83685034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821935)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"118.127.112.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821935/; classtype:trojan-activity;sid:83685035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821936)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"186.208.68.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821936/; classtype:trojan-activity;sid:83685036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821938)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.67.4.139"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821938/; classtype:trojan-activity;sid:83685038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821939)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.193.59.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821939/; classtype:trojan-activity;sid:83685039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821940)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"176.98.86.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821940/; classtype:trojan-activity;sid:83685040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821922)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.238.118.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821922/; classtype:trojan-activity;sid:83685022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821923)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"197.254.46.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821923/; classtype:trojan-activity;sid:83685023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821924)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.55.98.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821924/; classtype:trojan-activity;sid:83685024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821925)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"79.111.119.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821925/; classtype:trojan-activity;sid:83685025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821926)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"210.4.69.226"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821926/; classtype:trojan-activity;sid:83685026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821917)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"176.195.191.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821917/; classtype:trojan-activity;sid:83685017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821919)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.16.75.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821919/; classtype:trojan-activity;sid:83685019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821920)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.21.192.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821920/; classtype:trojan-activity;sid:83685020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821916)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"5.102.53.72"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821916/; classtype:trojan-activity;sid:83685016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821913)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"193.242.149.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821913/; classtype:trojan-activity;sid:83685013; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821914)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"86.101.187.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821914/; classtype:trojan-activity;sid:83685014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821915)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.43.228.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821915/; classtype:trojan-activity;sid:83685015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821911)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"120.50.10.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821911/; classtype:trojan-activity;sid:83685011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821889)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"211.251.10.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821889/; classtype:trojan-activity;sid:83684989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821876)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.213.104.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821876/; classtype:trojan-activity;sid:83684976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821871)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"146.196.97.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821871/; classtype:trojan-activity;sid:83684971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821868)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.220.157.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821868/; classtype:trojan-activity;sid:83684968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821869)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.184.249.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821869/; classtype:trojan-activity;sid:83684969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821863)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.4.222.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821863/; classtype:trojan-activity;sid:83684963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821864)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"187.95.124.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821864/; classtype:trojan-activity;sid:83684964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821857)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.189.188.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821857/; classtype:trojan-activity;sid:83684957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821858)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.10.211.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821858/; classtype:trojan-activity;sid:83684958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821860)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.148.18.218"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821860/; classtype:trojan-activity;sid:83684960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821861)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.29.162.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821861/; classtype:trojan-activity;sid:83684961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821852)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.245.165.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821852/; classtype:trojan-activity;sid:83684952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821854)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.43.228.126"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821854/; classtype:trojan-activity;sid:83684954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821855)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.162.70.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821855/; classtype:trojan-activity;sid:83684955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821856)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"211.251.10.143"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821856/; classtype:trojan-activity;sid:83684956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821850)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.114.137.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821850/; classtype:trojan-activity;sid:83684950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821851)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.34.182.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821851/; classtype:trojan-activity;sid:83684951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821839)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.211.153.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821839/; classtype:trojan-activity;sid:83684939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821841)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.69.219.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821841/; classtype:trojan-activity;sid:83684941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821842)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.166.220.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821842/; classtype:trojan-activity;sid:83684942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821843)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.246.165.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821843/; classtype:trojan-activity;sid:83684943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821844)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.162.70.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821844/; classtype:trojan-activity;sid:83684944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821845)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.191.16.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821845/; classtype:trojan-activity;sid:83684945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821846)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.116.1.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821846/; classtype:trojan-activity;sid:83684946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821834)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"194.183.186.164"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821834/; classtype:trojan-activity;sid:83684934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821835)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.222.134.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821835/; classtype:trojan-activity;sid:83684935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821836)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.16.242.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821836/; classtype:trojan-activity;sid:83684936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821837)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"145.255.30.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821837/; classtype:trojan-activity;sid:83684937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821828)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.95.254.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821828/; classtype:trojan-activity;sid:83684928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821829)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.148.20.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821829/; classtype:trojan-activity;sid:83684929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821831)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.19.183.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821831/; classtype:trojan-activity;sid:83684931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821818)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.0.131.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821818/; classtype:trojan-activity;sid:83684918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821819)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.218.50.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821819/; classtype:trojan-activity;sid:83684919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821820)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"194.36.80.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821820/; classtype:trojan-activity;sid:83684920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821821)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.195.191.123"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821821/; classtype:trojan-activity;sid:83684921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821822)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.14.11.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821822/; classtype:trojan-activity;sid:83684922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821823)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.91.37.71"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821823/; classtype:trojan-activity;sid:83684923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821811)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.129.2.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821811/; classtype:trojan-activity;sid:83684911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821812)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.133.4.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821812/; classtype:trojan-activity;sid:83684912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821813)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.92.77.11"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821813/; classtype:trojan-activity;sid:83684913; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821806)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"154.0.129.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821806/; classtype:trojan-activity;sid:83684906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821809)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.231.181.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821809/; classtype:trojan-activity;sid:83684909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821799)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.7.223.212"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821799/; classtype:trojan-activity;sid:83684899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821800)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.41.63.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821800/; classtype:trojan-activity;sid:83684900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821801)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.193.62.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821801/; classtype:trojan-activity;sid:83684901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821802)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"197.159.1.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821802/; classtype:trojan-activity;sid:83684902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821803)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"197.159.8.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821803/; classtype:trojan-activity;sid:83684903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821804)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.185.119.13"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821804/; classtype:trojan-activity;sid:83684904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821793)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.147.120.145"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821793/; classtype:trojan-activity;sid:83684893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821794)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"194.187.149.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821794/; classtype:trojan-activity;sid:83684894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821795)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.122.28.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821795/; classtype:trojan-activity;sid:83684895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821798)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"189.76.80.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821798/; classtype:trojan-activity;sid:83684898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821787)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.7.158.202"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821787/; classtype:trojan-activity;sid:83684887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821788)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.63.213.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821788/; classtype:trojan-activity;sid:83684888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821789)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.7.20.38"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821789/; classtype:trojan-activity;sid:83684889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821790)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"75.136.50.41"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821790/; classtype:trojan-activity;sid:83684890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821782)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"154.66.125.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821782/; classtype:trojan-activity;sid:83684882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821783)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.149.127.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821783/; classtype:trojan-activity;sid:83684883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821785)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"197.248.41.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821785/; classtype:trojan-activity;sid:83684885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821776)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.175.134.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821776/; classtype:trojan-activity;sid:83684876; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821777)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.55.98.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821777/; classtype:trojan-activity;sid:83684877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821781)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.66.105.167"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821781/; classtype:trojan-activity;sid:83684881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821773)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.197.209.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821773/; classtype:trojan-activity;sid:83684873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821774)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.226.157.192"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821774/; classtype:trojan-activity;sid:83684874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821767)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.226.199.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821767/; classtype:trojan-activity;sid:83684867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821768)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.105.249.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821768/; classtype:trojan-activity;sid:83684868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821769)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.49.124.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821769/; classtype:trojan-activity;sid:83684869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821770)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.34.20.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821770/; classtype:trojan-activity;sid:83684870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821765)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.190.20.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821765/; classtype:trojan-activity;sid:83684865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821763)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"154.113.122.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821763/; classtype:trojan-activity;sid:83684863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821764)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.124.33.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821764/; classtype:trojan-activity;sid:83684864; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821759)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.96.214.111"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821759/; classtype:trojan-activity;sid:83684859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821760)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.72.6.218"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821760/; classtype:trojan-activity;sid:83684860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821762)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.129.2.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821762/; classtype:trojan-activity;sid:83684862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821752)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.29.162.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821752/; classtype:trojan-activity;sid:83684852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821753)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"173.235.65.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821753/; classtype:trojan-activity;sid:83684853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821754)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"150.129.202.197"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821754/; classtype:trojan-activity;sid:83684854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821755)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.211.252.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821755/; classtype:trojan-activity;sid:83684855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821757)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"191.103.217.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821757/; classtype:trojan-activity;sid:83684857; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821758)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.204.218.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821758/; classtype:trojan-activity;sid:83684858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821747)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.2.23.244"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821747/; classtype:trojan-activity;sid:83684847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821748)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.109.113.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821748/; classtype:trojan-activity;sid:83684848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821749)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.239.120.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821749/; classtype:trojan-activity;sid:83684849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821751)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.18.223.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821751/; classtype:trojan-activity;sid:83684851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821740)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.151.143.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821740/; classtype:trojan-activity;sid:83684840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821741)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"158.181.34.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821741/; classtype:trojan-activity;sid:83684841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821743)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.205.131.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821743/; classtype:trojan-activity;sid:83684843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821745)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.104.195.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821745/; classtype:trojan-activity;sid:83684845; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821735)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.4.44.202"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821735/; classtype:trojan-activity;sid:83684835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821736)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.49.100.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821736/; classtype:trojan-activity;sid:83684836; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821737)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.188.30.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821737/; classtype:trojan-activity;sid:83684837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821738)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.150.253.15"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821738/; classtype:trojan-activity;sid:83684838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821729)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.53.164.46"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821729/; classtype:trojan-activity;sid:83684829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821730)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.57.135.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821730/; classtype:trojan-activity;sid:83684830; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821731)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"179.33.2.253"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821731/; classtype:trojan-activity;sid:83684831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821732)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.154.187.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821732/; classtype:trojan-activity;sid:83684832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821733)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.33.114.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821733/; classtype:trojan-activity;sid:83684833; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821721)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.159.4.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821721/; classtype:trojan-activity;sid:83684821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821722)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.5.19.220"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821722/; classtype:trojan-activity;sid:83684822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821723)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.115.103.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821723/; classtype:trojan-activity;sid:83684823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821724)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.167.13.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821724/; classtype:trojan-activity;sid:83684824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821725)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.188.248.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821725/; classtype:trojan-activity;sid:83684825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821726)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"147.91.249.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821726/; classtype:trojan-activity;sid:83684826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821728)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.199.179.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821728/; classtype:trojan-activity;sid:83684828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821720)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.202.194.152"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821720/; classtype:trojan-activity;sid:83684820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821716)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"197.254.23.210"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821716/; classtype:trojan-activity;sid:83684816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821706)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"151.237.4.20"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821706/; classtype:trojan-activity;sid:83684806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821707)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.161.230.107"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821707/; classtype:trojan-activity;sid:83684807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821709)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.204.212.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821709/; classtype:trojan-activity;sid:83684809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821710)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.117.210.108"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821710/; classtype:trojan-activity;sid:83684810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821711)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.173.173.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821711/; classtype:trojan-activity;sid:83684811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821712)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.13.133.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821712/; classtype:trojan-activity;sid:83684812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821713)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.209.71.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821713/; classtype:trojan-activity;sid:83684813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821701)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.84.237.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821701/; classtype:trojan-activity;sid:83684801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821703)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.93.245.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821703/; classtype:trojan-activity;sid:83684803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821705)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.52.72.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821705/; classtype:trojan-activity;sid:83684805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821690)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.246.177.214"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821690/; classtype:trojan-activity;sid:83684790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821691)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.193.97.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821691/; classtype:trojan-activity;sid:83684791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821692)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.159.0.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821692/; classtype:trojan-activity;sid:83684792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821693)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.5.50.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821693/; classtype:trojan-activity;sid:83684793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821697)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.106.58.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821697/; classtype:trojan-activity;sid:83684797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821699)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"211.186.82.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821699/; classtype:trojan-activity;sid:83684799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821700)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.224.243.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821700/; classtype:trojan-activity;sid:83684800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821679)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.63.242.37"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821679/; classtype:trojan-activity;sid:83684779; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821680)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.224.242.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821680/; classtype:trojan-activity;sid:83684780; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821685)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.86.123.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821685/; classtype:trojan-activity;sid:83684785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821687)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"168.228.6.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821687/; classtype:trojan-activity;sid:83684787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821688)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.158.238.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821688/; classtype:trojan-activity;sid:83684788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821689)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.49.0.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821689/; classtype:trojan-activity;sid:83684789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821676)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"154.0.129.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821676/; classtype:trojan-activity;sid:83684776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821677)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.184.231.250"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821677/; classtype:trojan-activity;sid:83684777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821672)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.205.35.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821672/; classtype:trojan-activity;sid:83684772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821673)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.129.147.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821673/; classtype:trojan-activity;sid:83684773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821674)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"217.199.123.147"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821674/; classtype:trojan-activity;sid:83684774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821669)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.22.237.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821669/; classtype:trojan-activity;sid:83684769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821670)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.137.36.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821670/; classtype:trojan-activity;sid:83684770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821667)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.219.163.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821667/; classtype:trojan-activity;sid:83684767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821663)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.18.197.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821663/; classtype:trojan-activity;sid:83684763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821662)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"154.117.133.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821662/; classtype:trojan-activity;sid:83684762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821660)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.200.106.94"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821660/; classtype:trojan-activity;sid:83684760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821656)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.242.106.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821656/; classtype:trojan-activity;sid:83684756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821657)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.78.201.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821657/; classtype:trojan-activity;sid:83684757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821659)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.109.201.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821659/; classtype:trojan-activity;sid:83684759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821653)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.99.230.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821653/; classtype:trojan-activity;sid:83684753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821654)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.248.145.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821654/; classtype:trojan-activity;sid:83684754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821647)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"197.254.46.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821647/; classtype:trojan-activity;sid:83684747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821648)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"168.205.53.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821648/; classtype:trojan-activity;sid:83684748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821649)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.225.114.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821649/; classtype:trojan-activity;sid:83684749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821651)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"210.56.21.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821651/; classtype:trojan-activity;sid:83684751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821646)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.252.66.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821646/; classtype:trojan-activity;sid:83684746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821639)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.193.59.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821639/; classtype:trojan-activity;sid:83684739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821643)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.205.125.58"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821643/; classtype:trojan-activity;sid:83684743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821644)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.57.128.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821644/; classtype:trojan-activity;sid:83684744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821628)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"197.214.112.218"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821628/; classtype:trojan-activity;sid:83684728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821629)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.12.6.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821629/; classtype:trojan-activity;sid:83684729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821633)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.94.245.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821633/; classtype:trojan-activity;sid:83684733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821634)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.65.35.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821634/; classtype:trojan-activity;sid:83684734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821638)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.177.98.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821638/; classtype:trojan-activity;sid:83684738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821619)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.61.163.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821619/; classtype:trojan-activity;sid:83684719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821620)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.15.176.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821620/; classtype:trojan-activity;sid:83684720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821623)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.15.233.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821623/; classtype:trojan-activity;sid:83684723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821624)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.52.158.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821624/; classtype:trojan-activity;sid:83684724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821625)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.237.250.100"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821625/; classtype:trojan-activity;sid:83684725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821626)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.228.223.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821626/; classtype:trojan-activity;sid:83684726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821627)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"167.250.193.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821627/; classtype:trojan-activity;sid:83684727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821615)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.214.56.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821615/; classtype:trojan-activity;sid:83684715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821617)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"194.208.56.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821617/; classtype:trojan-activity;sid:83684717; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821618)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.128.231.114"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821618/; classtype:trojan-activity;sid:83684718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821611)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.16.143.101"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821611/; classtype:trojan-activity;sid:83684711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821613)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.92.222.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821613/; classtype:trojan-activity;sid:83684713; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821614)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.109.185.5"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821614/; classtype:trojan-activity;sid:83684714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821607)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.97.143.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821607/; classtype:trojan-activity;sid:83684707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821609)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.211.154.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821609/; classtype:trojan-activity;sid:83684709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821597)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"150.129.202.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821597/; classtype:trojan-activity;sid:83684697; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821598)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.220.87.199"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821598/; classtype:trojan-activity;sid:83684698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821600)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.46.58.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821600/; classtype:trojan-activity;sid:83684700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821601)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.34.152.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821601/; classtype:trojan-activity;sid:83684701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821603)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.42.98.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821603/; classtype:trojan-activity;sid:83684703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821604)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"194.208.49.175"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821604/; classtype:trojan-activity;sid:83684704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821605)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"165.90.16.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821605/; classtype:trojan-activity;sid:83684705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821606)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.111.184.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821606/; classtype:trojan-activity;sid:83684706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821591)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.215.163.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821591/; classtype:trojan-activity;sid:83684691; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821593)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.205.74.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821593/; classtype:trojan-activity;sid:83684693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821595)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.134.42.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821595/; classtype:trojan-activity;sid:83684695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821596)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.143.220.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821596/; classtype:trojan-activity;sid:83684696; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821583)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.66.105.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821583/; classtype:trojan-activity;sid:83684683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821580)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.131.101.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821580/; classtype:trojan-activity;sid:83684680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2821375)"; flow:established,from_client; content:"GET"; http_method; content:"/download/6625dc41120a1492a7b822c5"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"api.discreetshare.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_22; reference:url, urlhaus.abuse.ch/url/2821375/; classtype:trojan-activity;sid:83684475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820844)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.194.35.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820844/; classtype:trojan-activity;sid:83683944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820699)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.239.70.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820699/; classtype:trojan-activity;sid:83683799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820692)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72.180.148.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820692/; classtype:trojan-activity;sid:83683792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820683)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.0.160.131"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820683/; classtype:trojan-activity;sid:83683783; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820656)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.5.52.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820656/; classtype:trojan-activity;sid:83683756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820657)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"202.5.52.110"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820657/; classtype:trojan-activity;sid:83683757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820658)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"195.218.152.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820658/; classtype:trojan-activity;sid:83683758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820522)"; flow:established,from_client; content:"GET"; http_method; content:"/hamiform.pfm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"87.121.105.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820522/; classtype:trojan-activity;sid:83683622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820523)"; flow:established,from_client; content:"GET"; http_method; content:"/vddelbsbanerne.jpb"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"87.121.105.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820523/; classtype:trojan-activity;sid:83683623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820518)"; flow:established,from_client; content:"GET"; http_method; content:"/dtexzzndaxdvvlckccivf127.bin"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.121.105.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820518/; classtype:trojan-activity;sid:83683618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820519)"; flow:established,from_client; content:"GET"; http_method; content:"/kvrpypxycvnstooeadg247.bin"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.121.105.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820519/; classtype:trojan-activity;sid:83683619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820520)"; flow:established,from_client; content:"GET"; http_method; content:"/subtribes.inf"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"87.121.105.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820520/; classtype:trojan-activity;sid:83683620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820378)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"90.63.155.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820378/; classtype:trojan-activity;sid:83683478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820346)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.188.4.242"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820346/; classtype:trojan-activity;sid:83683446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820312)"; flow:established,from_client; content:"GET"; http_method; content:"/tenda.sh"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"94.156.79.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820312/; classtype:trojan-activity;sid:83683412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820280)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.55.13.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820280/; classtype:trojan-activity;sid:83683380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820261)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"158.255.82.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820261/; classtype:trojan-activity;sid:83683361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820228)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.133.94.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820228/; classtype:trojan-activity;sid:83683328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820197)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.133.94.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820197/; classtype:trojan-activity;sid:83683297; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2820110)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.239.70.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_21; reference:url, urlhaus.abuse.ch/url/2820110/; classtype:trojan-activity;sid:83683210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819966)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.162.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819966/; classtype:trojan-activity;sid:83683066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819941)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"94.156.79.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819941/; classtype:trojan-activity;sid:83683041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819942)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"94.156.79.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819942/; classtype:trojan-activity;sid:83683042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819943)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.156.79.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819943/; classtype:trojan-activity;sid:83683043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819944)"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.156.79.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819944/; classtype:trojan-activity;sid:83683044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819938)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.156.79.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819938/; classtype:trojan-activity;sid:83683038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819939)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"94.156.79.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819939/; classtype:trojan-activity;sid:83683039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819940)"; flow:established,from_client; content:"GET"; http_method; content:"/powerpc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.156.79.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819940/; classtype:trojan-activity;sid:83683040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819934)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"94.156.79.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819934/; classtype:trojan-activity;sid:83683034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819935)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.156.79.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819935/; classtype:trojan-activity;sid:83683035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819936)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.156.79.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819936/; classtype:trojan-activity;sid:83683036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819937)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.156.79.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819937/; classtype:trojan-activity;sid:83683037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819882)"; flow:established,from_client; content:"GET"; http_method; content:"/list.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"factorylifes.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819882/; classtype:trojan-activity;sid:83682982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819866)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.194.35.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819866/; classtype:trojan-activity;sid:83682966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819839)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.194.35.224"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819839/; classtype:trojan-activity;sid:83682939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819761)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.131.158.195"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819761/; classtype:trojan-activity;sid:83682861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819595)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"124.235.200.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819595/; classtype:trojan-activity;sid:83682695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819463)"; flow:established,from_client; content:"GET"; http_method; content:"/files/setup.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"193.233.132.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819463/; classtype:trojan-activity;sid:83682563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819462)"; flow:established,from_client; content:"GET"; http_method; content:"/files/uniq.file"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"5.42.65.64"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819462/; classtype:trojan-activity;sid:83682562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819458)"; flow:established,from_client; content:"GET"; http_method; content:"/files/eu.file"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"5.42.65.64"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819458/; classtype:trojan-activity;sid:83682558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819455)"; flow:established,from_client; content:"GET"; http_method; content:"/files/msgbox2.file"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"5.42.65.64"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819455/; classtype:trojan-activity;sid:83682555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819456)"; flow:established,from_client; content:"GET"; http_method; content:"/files/us.file"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"5.42.65.64"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819456/; classtype:trojan-activity;sid:83682556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819457)"; flow:established,from_client; content:"GET"; http_method; content:"/files/two.file"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"5.42.65.64"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819457/; classtype:trojan-activity;sid:83682557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819452)"; flow:established,from_client; content:"GET"; http_method; content:"/files/msgbox1.file"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"5.42.65.64"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819452/; classtype:trojan-activity;sid:83682552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819453)"; flow:established,from_client; content:"GET"; http_method; content:"/files/one.file"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"5.42.65.64"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819453/; classtype:trojan-activity;sid:83682553; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819428)"; flow:established,from_client; content:"GET"; http_method; content:"/files/file300un.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"193.233.132.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819428/; classtype:trojan-activity;sid:83682528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819427)"; flow:established,from_client; content:"GET"; http_method; content:"/files/uni400uni.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"193.233.132.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819427/; classtype:trojan-activity;sid:83682527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819407)"; flow:established,from_client; content:"GET"; http_method; content:"/tiraz.fla"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.121.105.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819407/; classtype:trojan-activity;sid:83682507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819406)"; flow:established,from_client; content:"GET"; http_method; content:"/dfqwnyoh122.bin"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"87.121.105.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819406/; classtype:trojan-activity;sid:83682506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819392)"; flow:established,from_client; content:"GET"; http_method; content:"/belyves242.hhk"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"87.121.105.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819392/; classtype:trojan-activity;sid:83682492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2819324)"; flow:established,from_client; content:"GET"; http_method; content:"/%e8%b1%86%e5%8c%85%e4%bc%a0%e4%b8%96.zip"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"lovepk.top"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2819324/; classtype:trojan-activity;sid:83682424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818999)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.200.63.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818999/; classtype:trojan-activity;sid:83682099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818998)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"69.71.167.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818998/; classtype:trojan-activity;sid:83682098; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818996)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"102.68.17.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818996/; classtype:trojan-activity;sid:83682096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818993)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.224.100.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818993/; classtype:trojan-activity;sid:83682093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818994)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.70.30.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818994/; classtype:trojan-activity;sid:83682094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818990)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"64.89.206.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818990/; classtype:trojan-activity;sid:83682090; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818988)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.52.86.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818988/; classtype:trojan-activity;sid:83682088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818989)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.99.5.210"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818989/; classtype:trojan-activity;sid:83682089; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818985)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.177.251.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818985/; classtype:trojan-activity;sid:83682085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818986)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"92.241.19.127"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818986/; classtype:trojan-activity;sid:83682086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818987)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.30.245.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818987/; classtype:trojan-activity;sid:83682087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818981)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.252.66.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818981/; classtype:trojan-activity;sid:83682081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818982)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.191.218.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818982/; classtype:trojan-activity;sid:83682082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818983)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.15.92.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818983/; classtype:trojan-activity;sid:83682083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818984)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.16.254.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818984/; classtype:trojan-activity;sid:83682084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818967)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.38.24.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818967/; classtype:trojan-activity;sid:83682067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818969)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.76.195.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818969/; classtype:trojan-activity;sid:83682069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818971)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.50.4.22"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818971/; classtype:trojan-activity;sid:83682071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818973)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.49.4.226"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818973/; classtype:trojan-activity;sid:83682073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818974)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.71.250.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818974/; classtype:trojan-activity;sid:83682074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818975)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.140.32.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818975/; classtype:trojan-activity;sid:83682075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818976)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.67.130.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818976/; classtype:trojan-activity;sid:83682076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818977)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.242.106.137"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818977/; classtype:trojan-activity;sid:83682077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818978)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.43.16.120"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818978/; classtype:trojan-activity;sid:83682078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818962)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.170.168.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818962/; classtype:trojan-activity;sid:83682062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818963)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.164.200.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818963/; classtype:trojan-activity;sid:83682063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818964)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.114.152.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818964/; classtype:trojan-activity;sid:83682064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818965)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"102.141.234.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818965/; classtype:trojan-activity;sid:83682065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818966)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"92.114.191.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818966/; classtype:trojan-activity;sid:83682066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818959)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.72.19.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818959/; classtype:trojan-activity;sid:83682059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818953)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.91.125.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818953/; classtype:trojan-activity;sid:83682053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818954)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"98.14.183.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818954/; classtype:trojan-activity;sid:83682054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818950)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"101.161.231.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818950/; classtype:trojan-activity;sid:83682050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818946)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.252.69.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818946/; classtype:trojan-activity;sid:83682046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818947)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.4.143.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818947/; classtype:trojan-activity;sid:83682047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818948)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.167.25.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818948/; classtype:trojan-activity;sid:83682048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818949)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.67.60.25"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818949/; classtype:trojan-activity;sid:83682049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818942)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.170.119.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818942/; classtype:trojan-activity;sid:83682042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818943)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"90.182.214.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818943/; classtype:trojan-activity;sid:83682043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818944)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.207.203.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818944/; classtype:trojan-activity;sid:83682044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818930)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.137.36.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818930/; classtype:trojan-activity;sid:83682030; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818931)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"92.241.77.214"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818931/; classtype:trojan-activity;sid:83682031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818932)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.113.141.237"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818932/; classtype:trojan-activity;sid:83682032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818934)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"87.120.179.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818934/; classtype:trojan-activity;sid:83682034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818935)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.100.78.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818935/; classtype:trojan-activity;sid:83682035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818939)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.90.207.58"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818939/; classtype:trojan-activity;sid:83682039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818940)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.135.142.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818940/; classtype:trojan-activity;sid:83682040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818922)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.21.132.24"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818922/; classtype:trojan-activity;sid:83682022; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818924)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.160.3.5"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818924/; classtype:trojan-activity;sid:83682024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818926)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.50.148.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818926/; classtype:trojan-activity;sid:83682026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818915)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.41.225.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818915/; classtype:trojan-activity;sid:83682015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818917)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.120.54.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818917/; classtype:trojan-activity;sid:83682017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818919)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.64.200.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818919/; classtype:trojan-activity;sid:83682019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818920)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.143.133.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818920/; classtype:trojan-activity;sid:83682020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818911)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.58.78.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818911/; classtype:trojan-activity;sid:83682011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818912)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.73.244.135"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818912/; classtype:trojan-activity;sid:83682012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818905)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.73.49.254"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818905/; classtype:trojan-activity;sid:83682005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818906)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.254.192.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818906/; classtype:trojan-activity;sid:83682006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818907)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.70.242.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818907/; classtype:trojan-activity;sid:83682007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818908)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"38.137.250.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818908/; classtype:trojan-activity;sid:83682008; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818899)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.202.49.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818899/; classtype:trojan-activity;sid:83681999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818901)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.98.254.77"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818901/; classtype:trojan-activity;sid:83682001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818893)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.105.226.128"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818893/; classtype:trojan-activity;sid:83681993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818894)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.143.174.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818894/; classtype:trojan-activity;sid:83681994; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818892)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.58.127.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818892/; classtype:trojan-activity;sid:83681992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818884)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.133.95.164"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818884/; classtype:trojan-activity;sid:83681984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818885)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.57.219.149"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818885/; classtype:trojan-activity;sid:83681985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818886)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.133.58.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818886/; classtype:trojan-activity;sid:83681986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818887)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.193.21.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818887/; classtype:trojan-activity;sid:83681987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818888)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.10.183.36"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818888/; classtype:trojan-activity;sid:83681988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818889)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.0.69.42"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818889/; classtype:trojan-activity;sid:83681989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818880)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"98.124.87.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818880/; classtype:trojan-activity;sid:83681980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818881)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.119.95.176"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818881/; classtype:trojan-activity;sid:83681981; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818883)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.79.233.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818883/; classtype:trojan-activity;sid:83681983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818875)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.236.93.129"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818875/; classtype:trojan-activity;sid:83681975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818876)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.111.182.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818876/; classtype:trojan-activity;sid:83681976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818877)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.232.188.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818877/; classtype:trojan-activity;sid:83681977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818878)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.120.28.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818878/; classtype:trojan-activity;sid:83681978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818872)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"139.255.17.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818872/; classtype:trojan-activity;sid:83681972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818874)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.127.112.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818874/; classtype:trojan-activity;sid:83681974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818868)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.111.14.68"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818868/; classtype:trojan-activity;sid:83681968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818869)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"49.249.179.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818869/; classtype:trojan-activity;sid:83681969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818870)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.170.222.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818870/; classtype:trojan-activity;sid:83681970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818865)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.215.23.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818865/; classtype:trojan-activity;sid:83681965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818866)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.127.105.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818866/; classtype:trojan-activity;sid:83681966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818858)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.111.210.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818858/; classtype:trojan-activity;sid:83681958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818861)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"66.181.166.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818861/; classtype:trojan-activity;sid:83681961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818862)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"38.137.248.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818862/; classtype:trojan-activity;sid:83681962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818864)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.31.28.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818864/; classtype:trojan-activity;sid:83681964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818852)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.170.113.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818852/; classtype:trojan-activity;sid:83681952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818853)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.40.91.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818853/; classtype:trojan-activity;sid:83681953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818855)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.230.237.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818855/; classtype:trojan-activity;sid:83681955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818845)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.122.210.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818845/; classtype:trojan-activity;sid:83681945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818847)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"86.101.187.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818847/; classtype:trojan-activity;sid:83681947; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818849)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"49.249.179.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818849/; classtype:trojan-activity;sid:83681949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818850)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.97.169.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818850/; classtype:trojan-activity;sid:83681950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818851)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.187.36.184"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818851/; classtype:trojan-activity;sid:83681951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818833)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.194.46.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818833/; classtype:trojan-activity;sid:83681933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818835)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.210.28.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818835/; classtype:trojan-activity;sid:83681935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818837)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.52.94.215"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818837/; classtype:trojan-activity;sid:83681937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818838)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"138.122.43.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818838/; classtype:trojan-activity;sid:83681938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818839)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.246.119.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818839/; classtype:trojan-activity;sid:83681939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818840)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.210.35.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818840/; classtype:trojan-activity;sid:83681940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818841)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.55.247.161"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818841/; classtype:trojan-activity;sid:83681941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818842)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.162.233.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818842/; classtype:trojan-activity;sid:83681942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818843)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"76.76.195.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818843/; classtype:trojan-activity;sid:83681943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818844)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.188.174.35"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818844/; classtype:trojan-activity;sid:83681944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818830)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.77.128.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818830/; classtype:trojan-activity;sid:83681930; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818832)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.176.113.135"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818832/; classtype:trojan-activity;sid:83681932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818827)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.203.247.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818827/; classtype:trojan-activity;sid:83681927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818828)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.92.94.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818828/; classtype:trojan-activity;sid:83681928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818829)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.25.133.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818829/; classtype:trojan-activity;sid:83681929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818822)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"125.237.197.110"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818822/; classtype:trojan-activity;sid:83681922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818823)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"86.102.177.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818823/; classtype:trojan-activity;sid:83681923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818824)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.81.93.24"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818824/; classtype:trojan-activity;sid:83681924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818814)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.86.199.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818814/; classtype:trojan-activity;sid:83681914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818820)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"102.216.69.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818820/; classtype:trojan-activity;sid:83681920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818821)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"139.60.191.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818821/; classtype:trojan-activity;sid:83681921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818808)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.186.203.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818808/; classtype:trojan-activity;sid:83681908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818795)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.110.124.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818795/; classtype:trojan-activity;sid:83681895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818796)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.239.218.91"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818796/; classtype:trojan-activity;sid:83681896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818797)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.161.217.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818797/; classtype:trojan-activity;sid:83681897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818798)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.145.168.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818798/; classtype:trojan-activity;sid:83681898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818799)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.16.242.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818799/; classtype:trojan-activity;sid:83681899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818800)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.40.84.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818800/; classtype:trojan-activity;sid:83681900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818804)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.62.233.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818804/; classtype:trojan-activity;sid:83681904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818806)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.153.20.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818806/; classtype:trojan-activity;sid:83681906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818807)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"108.162.187.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818807/; classtype:trojan-activity;sid:83681907; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818789)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"24.202.206.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818789/; classtype:trojan-activity;sid:83681889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818794)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.112.124.194"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818794/; classtype:trojan-activity;sid:83681894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818780)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"96.18.165.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818780/; classtype:trojan-activity;sid:83681880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818781)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.26.180.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818781/; classtype:trojan-activity;sid:83681881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818783)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"70.119.172.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818783/; classtype:trojan-activity;sid:83681883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818785)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.68.50.158"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818785/; classtype:trojan-activity;sid:83681885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818786)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.219.119.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818786/; classtype:trojan-activity;sid:83681886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818787)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"134.249.186.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818787/; classtype:trojan-activity;sid:83681887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818773)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.136.240.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818773/; classtype:trojan-activity;sid:83681873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818777)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"63.78.214.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818777/; classtype:trojan-activity;sid:83681877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818778)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.114.200.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818778/; classtype:trojan-activity;sid:83681878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818770)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.17.36.70"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818770/; classtype:trojan-activity;sid:83681870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818772)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.203.218.38"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818772/; classtype:trojan-activity;sid:83681872; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818768)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.83.245.86"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818768/; classtype:trojan-activity;sid:83681868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818758)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.180.35.231"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818758/; classtype:trojan-activity;sid:83681858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818761)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.233.242.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818761/; classtype:trojan-activity;sid:83681861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818762)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.127.90.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818762/; classtype:trojan-activity;sid:83681862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818763)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.227.118.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818763/; classtype:trojan-activity;sid:83681863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818755)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"92.85.48.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818755/; classtype:trojan-activity;sid:83681855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818753)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.247.163.125"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818753/; classtype:trojan-activity;sid:83681853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818754)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"92.81.131.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818754/; classtype:trojan-activity;sid:83681854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818728)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.83.1.68"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_20; reference:url, urlhaus.abuse.ch/url/2818728/; classtype:trojan-activity;sid:83681828; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818700)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"72.180.148.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818700/; classtype:trojan-activity;sid:83681800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818694)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"72.180.148.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818694/; classtype:trojan-activity;sid:83681794; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818588)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.239.49.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818588/; classtype:trojan-activity;sid:83681688; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818496)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.215.124.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818496/; classtype:trojan-activity;sid:83681596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818429)"; flow:established,from_client; content:"GET"; http_method; content:"/icjfpydkbweqyez252.bin"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"87.121.105.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818429/; classtype:trojan-activity;sid:83681529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818430)"; flow:established,from_client; content:"GET"; http_method; content:"/skabs.asd"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"87.121.105.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818430/; classtype:trojan-activity;sid:83681530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818388)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.156.79.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818388/; classtype:trojan-activity;sid:83681488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818280)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.102.18.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818280/; classtype:trojan-activity;sid:83681380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818276)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.79.114.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818276/; classtype:trojan-activity;sid:83681376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818277)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.102.18.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818277/; classtype:trojan-activity;sid:83681377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818278)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.172.144.165"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818278/; classtype:trojan-activity;sid:83681378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818279)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.230.159.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818279/; classtype:trojan-activity;sid:83681379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818271)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.69.219.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818271/; classtype:trojan-activity;sid:83681371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818272)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.43.7.94"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818272/; classtype:trojan-activity;sid:83681372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818273)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.70.147.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818273/; classtype:trojan-activity;sid:83681373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818269)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.115.254.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818269/; classtype:trojan-activity;sid:83681369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818270)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.115.254.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818270/; classtype:trojan-activity;sid:83681370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818240)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.66.105.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818240/; classtype:trojan-activity;sid:83681340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818237)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.66.231.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818237/; classtype:trojan-activity;sid:83681337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818233)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.98.123.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818233/; classtype:trojan-activity;sid:83681333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818234)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.64.198.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818234/; classtype:trojan-activity;sid:83681334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818235)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.94.37.125"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818235/; classtype:trojan-activity;sid:83681335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818236)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.66.174.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818236/; classtype:trojan-activity;sid:83681336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818232)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.92.81.219"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818232/; classtype:trojan-activity;sid:83681332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818229)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.67.251.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818229/; classtype:trojan-activity;sid:83681329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818230)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.95.48.45"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818230/; classtype:trojan-activity;sid:83681330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818227)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.66.150.221"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818227/; classtype:trojan-activity;sid:83681327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818228)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.64.219.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818228/; classtype:trojan-activity;sid:83681328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818223)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.93.219.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818223/; classtype:trojan-activity;sid:83681323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818127)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.ppc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"5.182.210.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818127/; classtype:trojan-activity;sid:83681227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818128)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm7"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5.182.210.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818128/; classtype:trojan-activity;sid:83681228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818131)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mips"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5.182.210.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818131/; classtype:trojan-activity;sid:83681231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818123)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm6"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5.182.210.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818123/; classtype:trojan-activity;sid:83681223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818124)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm5"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5.182.210.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818124/; classtype:trojan-activity;sid:83681224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818125)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"5.182.210.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818125/; classtype:trojan-activity;sid:83681225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818126)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.arm"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"5.182.210.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818126/; classtype:trojan-activity;sid:83681226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818114)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.sh4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"5.182.210.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818114/; classtype:trojan-activity;sid:83681214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818115)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.mpsl"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5.182.210.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818115/; classtype:trojan-activity;sid:83681215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818118)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.m68k"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"5.182.210.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818118/; classtype:trojan-activity;sid:83681218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818112)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"5.182.210.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818112/; classtype:trojan-activity;sid:83681212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818113)"; flow:established,from_client; content:"GET"; http_method; content:"/bot.spc"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"5.182.210.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818113/; classtype:trojan-activity;sid:83681213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818103)"; flow:established,from_client; content:"GET"; http_method; content:"/snusikod/fac/raw/main/dfwa.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818103/; classtype:trojan-activity;sid:83681203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2818018)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"58.8.137.7"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2818018/; classtype:trojan-activity;sid:83681118; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817893)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"209.59.113.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817893/; classtype:trojan-activity;sid:83680993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817869)"; flow:established,from_client; content:"GET"; http_method; content:"/070.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.172.128.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817869/; classtype:trojan-activity;sid:83680969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817815)"; flow:established,from_client; content:"GET"; http_method; content:"/d/26fe70/disc.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"www.file-drop.cc"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817815/; classtype:trojan-activity;sid:83680915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817766)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2.55.98.253"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_19; reference:url, urlhaus.abuse.ch/url/2817766/; classtype:trojan-activity;sid:83680866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817458)"; flow:established,from_client; content:"GET"; http_method; content:"/amady.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.5.215.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817458/; classtype:trojan-activity;sid:83680558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817457)"; flow:established,from_client; content:"GET"; http_method; content:"/amzey.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"163.5.215.125"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817457/; classtype:trojan-activity;sid:83680557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817452)"; flow:established,from_client; content:"GET"; http_method; content:"/hera/amadka.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"147.45.47.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817452/; classtype:trojan-activity;sid:83680552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817450)"; flow:established,from_client; content:"GET"; http_method; content:"/uni400uni.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"185.172.128.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817450/; classtype:trojan-activity;sid:83680550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817434)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"66.187.4.213"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817434/; classtype:trojan-activity;sid:83680534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817435)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"66.187.4.213"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817435/; classtype:trojan-activity;sid:83680535; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817436)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"66.187.4.213"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817436/; classtype:trojan-activity;sid:83680536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817433)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"66.187.4.213"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817433/; classtype:trojan-activity;sid:83680533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817422)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"66.187.4.213"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817422/; classtype:trojan-activity;sid:83680522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817423)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"66.187.4.213"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817423/; classtype:trojan-activity;sid:83680523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817426)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"66.187.4.213"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817426/; classtype:trojan-activity;sid:83680526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817416)"; flow:established,from_client; content:"GET"; http_method; content:"/fish.ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"66.187.4.213"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817416/; classtype:trojan-activity;sid:83680516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817359)"; flow:established,from_client; content:"GET"; http_method; content:"/images/004/771/542/original/new_image.jpg"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817359/; classtype:trojan-activity;sid:83680459; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817357)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1w6j0xeptoliyrblijhnxbm_qnnoptzfw"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817357/; classtype:trojan-activity;sid:83680457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817338)"; flow:established,from_client; content:"GET"; http_method; content:"/gtfcpd82.bin"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"87.121.105.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817338/; classtype:trojan-activity;sid:83680438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817339)"; flow:established,from_client; content:"GET"; http_method; content:"/fodgngerovergangs.prm"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.121.105.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817339/; classtype:trojan-activity;sid:83680439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817336)"; flow:established,from_client; content:"GET"; http_method; content:"/afmagringer.xsn"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"87.121.105.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817336/; classtype:trojan-activity;sid:83680436; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817329)"; flow:established,from_client; content:"GET"; http_method; content:"/vhhjqwfijn142.bin"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"87.121.105.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817329/; classtype:trojan-activity;sid:83680429; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817330)"; flow:established,from_client; content:"GET"; http_method; content:"/ssssaxccu156.bin"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"87.121.105.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817330/; classtype:trojan-activity;sid:83680430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817331)"; flow:established,from_client; content:"GET"; http_method; content:"/licences.ttf"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"87.121.105.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817331/; classtype:trojan-activity;sid:83680431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817333)"; flow:established,from_client; content:"GET"; http_method; content:"/taktreguleringsaftaler.dwp"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"87.121.105.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817333/; classtype:trojan-activity;sid:83680433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817335)"; flow:established,from_client; content:"GET"; http_method; content:"/pseudoisomer27.rar"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"87.121.105.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817335/; classtype:trojan-activity;sid:83680435; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817270)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"94.156.79.129"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817270/; classtype:trojan-activity;sid:83680370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817239)"; flow:established,from_client; content:"GET"; http_method; content:"/pbhhdf/12/raw/main/keepvid-pro_full2578.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817239/; classtype:trojan-activity;sid:83680339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817149)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fi/v6neism7b7lfw878ky7ww/cheatrun.zip|3f|rlkey=g278e4s48qqphghx7esn34jq5|7c|26|7c|dl=0"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"dl.dropboxusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817149/; classtype:trojan-activity;sid:83680249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2817148)"; flow:established,from_client; content:"GET"; http_method; content:"/coolismoney/laughing-octo-tribble/releases/download/v2/crazycore.exe"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2817148/; classtype:trojan-activity;sid:83680248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816849)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"190.55.13.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816849/; classtype:trojan-activity;sid:83679949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816821)"; flow:established,from_client; content:"GET"; http_method; content:"/download.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"193.37.59.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816821/; classtype:trojan-activity;sid:83679921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816803)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"119.179.253.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816803/; classtype:trojan-activity;sid:83679903; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816792)"; flow:established,from_client; content:"GET"; http_method; content:"/abc3.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.116.52.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816792/; classtype:trojan-activity;sid:83679892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816793)"; flow:established,from_client; content:"GET"; http_method; content:"/abc1.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.116.52.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816793/; classtype:trojan-activity;sid:83679893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816794)"; flow:established,from_client; content:"GET"; http_method; content:"/abc2.sh"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"103.116.52.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816794/; classtype:trojan-activity;sid:83679894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816627)"; flow:established,from_client; content:"GET"; http_method; content:"/gleamer.mix"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"87.121.105.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816627/; classtype:trojan-activity;sid:83679727; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816626)"; flow:established,from_client; content:"GET"; http_method; content:"/yhefulefhskyhxykesmpv163.bin"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"87.121.105.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816626/; classtype:trojan-activity;sid:83679726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816616)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"177.22.238.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816616/; classtype:trojan-activity;sid:83679716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816522)"; flow:established,from_client; content:"GET"; http_method; content:"/storvesirs43.psm"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"87.121.105.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816522/; classtype:trojan-activity;sid:83679622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816507)"; flow:established,from_client; content:"GET"; http_method; content:"/fud_new.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"topgamecheats.dev"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816507/; classtype:trojan-activity;sid:83679607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816505)"; flow:established,from_client; content:"GET"; http_method; content:"/ysnpkrcwwaljfspn146.bin"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.121.105.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816505/; classtype:trojan-activity;sid:83679605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816506)"; flow:established,from_client; content:"GET"; http_method; content:"/flyvnings.u32"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"87.121.105.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816506/; classtype:trojan-activity;sid:83679606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816432)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.202.99.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816432/; classtype:trojan-activity;sid:83679532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816360)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.196.11.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816360/; classtype:trojan-activity;sid:83679460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816339)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.196.11.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816339/; classtype:trojan-activity;sid:83679439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816340)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.196.11.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816340/; classtype:trojan-activity;sid:83679440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816320)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.196.11.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816320/; classtype:trojan-activity;sid:83679420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816313)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.196.11.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816313/; classtype:trojan-activity;sid:83679413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816316)"; flow:established,from_client; content:"GET"; http_method; content:"/arm4"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.196.11.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816316/; classtype:trojan-activity;sid:83679416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816309)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"185.196.11.64"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816309/; classtype:trojan-activity;sid:83679409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816213)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"221.1.225.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816213/; classtype:trojan-activity;sid:83679313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816154)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"209.59.113.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816154/; classtype:trojan-activity;sid:83679254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816148)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.232.48.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816148/; classtype:trojan-activity;sid:83679248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2816121)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"209.59.113.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2816121/; classtype:trojan-activity;sid:83679221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815960)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.230.80.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815960/; classtype:trojan-activity;sid:83679060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815929)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"113.230.80.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815929/; classtype:trojan-activity;sid:83679029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815917)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.21.176.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_18; reference:url, urlhaus.abuse.ch/url/2815917/; classtype:trojan-activity;sid:83679017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815808)"; flow:established,from_client; content:"GET"; http_method; content:"/test"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"62.138.18.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815808/; classtype:trojan-activity;sid:83678908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815752)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"138.207.174.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815752/; classtype:trojan-activity;sid:83678852; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815595)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.239.22.144"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815595/; classtype:trojan-activity;sid:83678695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815303)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.249.58.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815303/; classtype:trojan-activity;sid:83678403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815222)"; flow:established,from_client; content:"GET"; http_method; content:"/eivins.lpk"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"87.121.105.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815222/; classtype:trojan-activity;sid:83678322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815216)"; flow:established,from_client; content:"GET"; http_method; content:"/lbfizike234.bin"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"87.121.105.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815216/; classtype:trojan-activity;sid:83678316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815217)"; flow:established,from_client; content:"GET"; http_method; content:"/versalskriftes204.mso"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"87.121.105.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815217/; classtype:trojan-activity;sid:83678317; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815218)"; flow:established,from_client; content:"GET"; http_method; content:"/kolonialvaren.sea"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"87.121.105.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815218/; classtype:trojan-activity;sid:83678318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815219)"; flow:established,from_client; content:"GET"; http_method; content:"/otuqqtmxenmndwnvoaxltat192.bin"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"87.121.105.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815219/; classtype:trojan-activity;sid:83678319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815220)"; flow:established,from_client; content:"GET"; http_method; content:"/lvtpvrtpeeeakbcbj78.bin"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"87.121.105.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815220/; classtype:trojan-activity;sid:83678320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815161)"; flow:established,from_client; content:"GET"; http_method; content:"/men/prefer%20quotation.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"firstviewautoservice.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815161/; classtype:trojan-activity;sid:83678261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815103)"; flow:established,from_client; content:"GET"; http_method; content:"/download.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"ss.02maill.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815103/; classtype:trojan-activity;sid:83678203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815104)"; flow:established,from_client; content:"GET"; http_method; content:"/cve.txt"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"ss.02maill.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815104/; classtype:trojan-activity;sid:83678204; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2815034)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.167.13.184"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2815034/; classtype:trojan-activity;sid:83678134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814975)"; flow:established,from_client; content:"GET"; http_method; content:"/2.txt"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"35.233.238.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814975/; classtype:trojan-activity;sid:83678075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814974)"; flow:established,from_client; content:"GET"; http_method; content:"/t.jpg"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"35.233.238.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814974/; classtype:trojan-activity;sid:83678074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814972)"; flow:established,from_client; content:"GET"; http_method; content:"/1.txt"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"35.233.238.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814972/; classtype:trojan-activity;sid:83678072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814959)"; flow:established,from_client; content:"GET"; http_method; content:"/h.jpg"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"45.94.31.103"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814959/; classtype:trojan-activity;sid:83678059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814949)"; flow:established,from_client; content:"GET"; http_method; content:"/c5h6.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"45.94.31.103"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814949/; classtype:trojan-activity;sid:83678049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814939)"; flow:established,from_client; content:"GET"; http_method; content:"/tsrj_v11.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"47.111.180.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814939/; classtype:trojan-activity;sid:83678039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814938)"; flow:established,from_client; content:"GET"; http_method; content:"/tsrj_v12.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"47.111.180.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814938/; classtype:trojan-activity;sid:83678038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814937)"; flow:established,from_client; content:"GET"; http_method; content:"/logindll.dll"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"47.111.180.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814937/; classtype:trojan-activity;sid:83678037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814811)"; flow:established,from_client; content:"GET"; http_method; content:"/task.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"topgamecheats.dev"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814811/; classtype:trojan-activity;sid:83677911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814652)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.249.58.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_17; reference:url, urlhaus.abuse.ch/url/2814652/; classtype:trojan-activity;sid:83677752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814333)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ygjsrxkk1uj7tmlrymh415sz461emtx4"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814333/; classtype:trojan-activity;sid:83677433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814173)"; flow:established,from_client; content:"GET"; http_method; content:"/web/20101020044048/http://www.vsecurity.com/download/tools/linux-rds-exploit.c"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"web.archive.org"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814173/; classtype:trojan-activity;sid:83677273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814131)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.222.45.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814131/; classtype:trojan-activity;sid:83677231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814130)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.52.48.235"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814130/; classtype:trojan-activity;sid:83677230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814129)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.162.141.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814129/; classtype:trojan-activity;sid:83677229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814126)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.89.129.213"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814126/; classtype:trojan-activity;sid:83677226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814127)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.21.223.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814127/; classtype:trojan-activity;sid:83677227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814125)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.193.88.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814125/; classtype:trojan-activity;sid:83677225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814116)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.228.134.234"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814116/; classtype:trojan-activity;sid:83677216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814117)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.71.46.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814117/; classtype:trojan-activity;sid:83677217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814118)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.2.213.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814118/; classtype:trojan-activity;sid:83677218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814119)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.109.168.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814119/; classtype:trojan-activity;sid:83677219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814122)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.170.113.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814122/; classtype:trojan-activity;sid:83677222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814114)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.53.164.150"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814114/; classtype:trojan-activity;sid:83677214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814112)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"49.249.179.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814112/; classtype:trojan-activity;sid:83677212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814108)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.12.78.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814108/; classtype:trojan-activity;sid:83677208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814109)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.133.214.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814109/; classtype:trojan-activity;sid:83677209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814110)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.158.68.243"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814110/; classtype:trojan-activity;sid:83677210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814098)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.199.42.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814098/; classtype:trojan-activity;sid:83677198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814100)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.123.142.116"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814100/; classtype:trojan-activity;sid:83677200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814103)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.76.195.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814103/; classtype:trojan-activity;sid:83677203; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814093)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.231.226.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814093/; classtype:trojan-activity;sid:83677193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814094)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.196.180.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814094/; classtype:trojan-activity;sid:83677194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814095)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.128.195.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814095/; classtype:trojan-activity;sid:83677195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814096)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"131.108.39.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814096/; classtype:trojan-activity;sid:83677196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814084)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.185.47.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814084/; classtype:trojan-activity;sid:83677184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814085)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.70.30.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814085/; classtype:trojan-activity;sid:83677185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814086)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.93.41.223"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814086/; classtype:trojan-activity;sid:83677186; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814087)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.254.173.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814087/; classtype:trojan-activity;sid:83677187; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814088)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.76.80.240"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814088/; classtype:trojan-activity;sid:83677188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814089)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.223.44.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814089/; classtype:trojan-activity;sid:83677189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814080)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.22.48.234"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814080/; classtype:trojan-activity;sid:83677180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814082)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.34.91.22"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814082/; classtype:trojan-activity;sid:83677182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814083)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.189.218.150"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814083/; classtype:trojan-activity;sid:83677183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814078)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.255.163.249"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814078/; classtype:trojan-activity;sid:83677178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2814058)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.249.58.219"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2814058/; classtype:trojan-activity;sid:83677158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813931)"; flow:established,from_client; content:"GET"; http_method; content:"/beacon.bin"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"47.116.25.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813931/; classtype:trojan-activity;sid:83677031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813846)"; flow:established,from_client; content:"GET"; http_method; content:"/isetup7.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.172.128.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813846/; classtype:trojan-activity;sid:83676946; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813795)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"216.155.93.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813795/; classtype:trojan-activity;sid:83676895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813794)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.217.148.149"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813794/; classtype:trojan-activity;sid:83676894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813793)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.67.115.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813793/; classtype:trojan-activity;sid:83676893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813787)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.67.227.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813787/; classtype:trojan-activity;sid:83676887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813788)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"164.77.147.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813788/; classtype:trojan-activity;sid:83676888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813557)"; flow:established,from_client; content:"GET"; http_method; content:"/armv5l"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.177.182.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813557/; classtype:trojan-activity;sid:83676657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813503)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.232.48.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813503/; classtype:trojan-activity;sid:83676603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813488)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"81.232.48.63"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_16; reference:url, urlhaus.abuse.ch/url/2813488/; classtype:trojan-activity;sid:83676588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813363)"; flow:established,from_client; content:"GET"; http_method; content:"/download/661d9eb70e16ec15c9165e54"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"api.discreetshare.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813363/; classtype:trojan-activity;sid:83676463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813317)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"196.119.147.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813317/; classtype:trojan-activity;sid:83676417; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813152)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.174.99.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813152/; classtype:trojan-activity;sid:83676252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813151)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.16.247.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813151/; classtype:trojan-activity;sid:83676251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813148)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.153.22.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813148/; classtype:trojan-activity;sid:83676248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813150)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.28.123.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813150/; classtype:trojan-activity;sid:83676250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813140)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.218.249.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813140/; classtype:trojan-activity;sid:83676240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813141)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.15.81.46"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813141/; classtype:trojan-activity;sid:83676241; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813144)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.16.45.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813144/; classtype:trojan-activity;sid:83676244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813146)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.210.217.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813146/; classtype:trojan-activity;sid:83676246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813147)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.253.154.142"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813147/; classtype:trojan-activity;sid:83676247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813136)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.58.145.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813136/; classtype:trojan-activity;sid:83676236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813137)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.89.245.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813137/; classtype:trojan-activity;sid:83676237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813133)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.91.144.195"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813133/; classtype:trojan-activity;sid:83676233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813134)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.43.59.154"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813134/; classtype:trojan-activity;sid:83676234; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813128)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.100.50.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813128/; classtype:trojan-activity;sid:83676228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813129)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.198.242.56"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813129/; classtype:trojan-activity;sid:83676229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813131)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.231.164.10"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813131/; classtype:trojan-activity;sid:83676231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813132)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.249.140.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813132/; classtype:trojan-activity;sid:83676232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813120)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.172.144.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813120/; classtype:trojan-activity;sid:83676220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813123)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"92.115.150.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813123/; classtype:trojan-activity;sid:83676223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813125)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.216.100.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813125/; classtype:trojan-activity;sid:83676225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813126)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.91.182.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813126/; classtype:trojan-activity;sid:83676226; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813117)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"75.88.251.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813117/; classtype:trojan-activity;sid:83676217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813118)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.92.188.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813118/; classtype:trojan-activity;sid:83676218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813109)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"23.236.6.197"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813109/; classtype:trojan-activity;sid:83676209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813111)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.29.14.127"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813111/; classtype:trojan-activity;sid:83676211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813105)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.152.168.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813105/; classtype:trojan-activity;sid:83676205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813106)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.100.5.56"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813106/; classtype:trojan-activity;sid:83676206; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813107)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.151.56.42"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813107/; classtype:trojan-activity;sid:83676207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813108)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.165.209.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813108/; classtype:trojan-activity;sid:83676208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813090)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.4.117.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813090/; classtype:trojan-activity;sid:83676190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813091)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"87.120.179.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813091/; classtype:trojan-activity;sid:83676191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813093)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.30.234.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813093/; classtype:trojan-activity;sid:83676193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813094)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.153.126.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813094/; classtype:trojan-activity;sid:83676194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813095)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.224.5.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813095/; classtype:trojan-activity;sid:83676195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813096)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.203.92.41"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813096/; classtype:trojan-activity;sid:83676196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813097)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.67.95.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813097/; classtype:trojan-activity;sid:83676197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813098)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.141.135.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813098/; classtype:trojan-activity;sid:83676198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813100)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.179.121.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813100/; classtype:trojan-activity;sid:83676200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813101)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.255.187.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813101/; classtype:trojan-activity;sid:83676201; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813083)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.230.159.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813083/; classtype:trojan-activity;sid:83676183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813084)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.29.249.182"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813084/; classtype:trojan-activity;sid:83676184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813085)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.211.44.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813085/; classtype:trojan-activity;sid:83676185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813088)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.102.92.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813088/; classtype:trojan-activity;sid:83676188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813080)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"86.60.215.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813080/; classtype:trojan-activity;sid:83676180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813081)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"102.39.242.53"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813081/; classtype:trojan-activity;sid:83676181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813077)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.238.228.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813077/; classtype:trojan-activity;sid:83676177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813078)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.163.57.65"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813078/; classtype:trojan-activity;sid:83676178; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813074)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.238.132.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813074/; classtype:trojan-activity;sid:83676174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813067)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.111.213.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813067/; classtype:trojan-activity;sid:83676167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813068)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.22.136.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813068/; classtype:trojan-activity;sid:83676168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813069)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.204.154.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813069/; classtype:trojan-activity;sid:83676169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813070)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.249.52.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813070/; classtype:trojan-activity;sid:83676170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813071)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.156.19.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813071/; classtype:trojan-activity;sid:83676171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813073)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.15.62.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813073/; classtype:trojan-activity;sid:83676173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813055)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.221.136.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813055/; classtype:trojan-activity;sid:83676155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813056)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.142.73.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813056/; classtype:trojan-activity;sid:83676156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813057)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.228.64.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813057/; classtype:trojan-activity;sid:83676157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813058)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"129.122.98.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813058/; classtype:trojan-activity;sid:83676158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813060)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.77.74.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813060/; classtype:trojan-activity;sid:83676160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813061)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.115.254.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813061/; classtype:trojan-activity;sid:83676161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813063)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.153.148.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813063/; classtype:trojan-activity;sid:83676163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813064)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.189.125.90"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813064/; classtype:trojan-activity;sid:83676164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813043)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"102.141.29.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813043/; classtype:trojan-activity;sid:83676143; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813044)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.102.18.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813044/; classtype:trojan-activity;sid:83676144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813046)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.66.171.191"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813046/; classtype:trojan-activity;sid:83676146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813047)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"87.120.179.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813047/; classtype:trojan-activity;sid:83676147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813048)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.88.109.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813048/; classtype:trojan-activity;sid:83676148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813049)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.108.84.121"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813049/; classtype:trojan-activity;sid:83676149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813051)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"144.48.169.8"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813051/; classtype:trojan-activity;sid:83676151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813052)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.88.244.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813052/; classtype:trojan-activity;sid:83676152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813053)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.42.122.1"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813053/; classtype:trojan-activity;sid:83676153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813037)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.230.153.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813037/; classtype:trojan-activity;sid:83676137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813038)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"117.250.206.217"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813038/; classtype:trojan-activity;sid:83676138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813039)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.92.68.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813039/; classtype:trojan-activity;sid:83676139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813040)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.70.204.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813040/; classtype:trojan-activity;sid:83676140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813041)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.58.21.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813041/; classtype:trojan-activity;sid:83676141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813042)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.108.154.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813042/; classtype:trojan-activity;sid:83676142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813032)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.216.125.112"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813032/; classtype:trojan-activity;sid:83676132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813027)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.72.77.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813027/; classtype:trojan-activity;sid:83676127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813028)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"138.19.251.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813028/; classtype:trojan-activity;sid:83676128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813029)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.29.137.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813029/; classtype:trojan-activity;sid:83676129; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813030)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.54.15.36"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813030/; classtype:trojan-activity;sid:83676130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813026)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"141.101.226.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813026/; classtype:trojan-activity;sid:83676126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813023)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"92.85.152.26"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813023/; classtype:trojan-activity;sid:83676123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2813024)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.169.235.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2813024/; classtype:trojan-activity;sid:83676124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812849)"; flow:established,from_client; content:"GET"; http_method; content:"/dl.php"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.172.128.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812849/; classtype:trojan-activity;sid:83675949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812759)"; flow:established,from_client; content:"GET"; http_method; content:"/snusikod/fac/raw/main/pgifswa.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812759/; classtype:trojan-activity;sid:83675859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812585)"; flow:established,from_client; content:"GET"; http_method; content:"/newb.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.172.128.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812585/; classtype:trojan-activity;sid:83675685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812539)"; flow:established,from_client; content:"GET"; http_method; content:"/dinsherman202/solid-lamp/releases/download/download/github.software.zip"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812539/; classtype:trojan-activity;sid:83675639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812410)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.202.99.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812410/; classtype:trojan-activity;sid:83675510; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812401)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.202.99.92"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_15; reference:url, urlhaus.abuse.ch/url/2812401/; classtype:trojan-activity;sid:83675501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812331)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.37.59.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812331/; classtype:trojan-activity;sid:83675431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812332)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"193.37.59.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812332/; classtype:trojan-activity;sid:83675432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812324)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"193.37.59.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812324/; classtype:trojan-activity;sid:83675424; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812325)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"193.37.59.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812325/; classtype:trojan-activity;sid:83675425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812326)"; flow:established,from_client; content:"GET"; http_method; content:"/i586"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.37.59.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812326/; classtype:trojan-activity;sid:83675426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812327)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.37.59.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812327/; classtype:trojan-activity;sid:83675427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812328)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.37.59.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812328/; classtype:trojan-activity;sid:83675428; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812330)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.37.59.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812330/; classtype:trojan-activity;sid:83675430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812320)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"193.37.59.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812320/; classtype:trojan-activity;sid:83675420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812321)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.37.59.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812321/; classtype:trojan-activity;sid:83675421; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812322)"; flow:established,from_client; content:"GET"; http_method; content:"/i686"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.37.59.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812322/; classtype:trojan-activity;sid:83675422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812323)"; flow:established,from_client; content:"GET"; http_method; content:"/arc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"193.37.59.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812323/; classtype:trojan-activity;sid:83675423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812241)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"151.177.251.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812241/; classtype:trojan-activity;sid:83675341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812183)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.129.3.163"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812183/; classtype:trojan-activity;sid:83675283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812071)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2.55.98.253"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812071/; classtype:trojan-activity;sid:83675171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812049)"; flow:established,from_client; content:"GET"; http_method; content:"/debug.dbg"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"188.119.103.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812049/; classtype:trojan-activity;sid:83675149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812053)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.119.103.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812053/; classtype:trojan-activity;sid:83675153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812038)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.119.103.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812038/; classtype:trojan-activity;sid:83675138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2812032)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.119.103.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2812032/; classtype:trojan-activity;sid:83675132; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811633)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.164.141.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811633/; classtype:trojan-activity;sid:83674733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811536)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"152.160.191.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811536/; classtype:trojan-activity;sid:83674636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811482)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"151.177.251.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811482/; classtype:trojan-activity;sid:83674582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811459)"; flow:established,from_client; content:"GET"; http_method; content:"/update.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.196.8.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_14; reference:url, urlhaus.abuse.ch/url/2811459/; classtype:trojan-activity;sid:83674559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811313)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.166.242.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811313/; classtype:trojan-activity;sid:83674413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2811221)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/7oanineicw"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"textbin.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2811221/; classtype:trojan-activity;sid:83674321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810818)"; flow:established,from_client; content:"GET"; http_method; content:"/timesync.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.172.128.203"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810818/; classtype:trojan-activity;sid:83673918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810562)"; flow:established,from_client; content:"GET"; http_method; content:"/server/ww16/appgate2103v01_16.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"193.233.132.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810562/; classtype:trojan-activity;sid:83673662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810488)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.126.176.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_13; reference:url, urlhaus.abuse.ch/url/2810488/; classtype:trojan-activity;sid:83673588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810423)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"27.185.47.220"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810423/; classtype:trojan-activity;sid:83673523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810403)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.97.169.187"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810403/; classtype:trojan-activity;sid:83673503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2810327)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.81.93.24"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2810327/; classtype:trojan-activity;sid:83673427; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809938)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.231.181.173"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809938/; classtype:trojan-activity;sid:83673038; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809865)"; flow:established,from_client; content:"GET"; http_method; content:"/server/ww15/appgate2103v15.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"193.233.132.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809865/; classtype:trojan-activity;sid:83672965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809740)"; flow:established,from_client; content:"GET"; http_method; content:"/download/page_error.jpeg"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"5.42.66.10"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809740/; classtype:trojan-activity;sid:83672840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809640)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.230.185.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_12; reference:url, urlhaus.abuse.ch/url/2809640/; classtype:trojan-activity;sid:83672740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809352)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.113.68.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809352/; classtype:trojan-activity;sid:83672452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809316)"; flow:established,from_client; content:"GET"; http_method; content:"/xiaowei.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"121.41.228.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809316/; classtype:trojan-activity;sid:83672416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809314)"; flow:established,from_client; content:"GET"; http_method; content:"/sb360.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"121.41.228.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809314/; classtype:trojan-activity;sid:83672414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809315)"; flow:established,from_client; content:"GET"; http_method; content:"/s.exe"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"121.41.228.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809315/; classtype:trojan-activity;sid:83672415; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809305)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1cipeaimbnij6poq-5e6tcbooo4dt4w6w"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809305/; classtype:trojan-activity;sid:83672405; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809237)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.69.79.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809237/; classtype:trojan-activity;sid:83672337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809236)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.255.164.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809236/; classtype:trojan-activity;sid:83672336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809233)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.52.34.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809233/; classtype:trojan-activity;sid:83672333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809234)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.95.35.49"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809234/; classtype:trojan-activity;sid:83672334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809231)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.239.105.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809231/; classtype:trojan-activity;sid:83672331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809232)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.131.240.71"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809232/; classtype:trojan-activity;sid:83672332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809227)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.175.223.140"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809227/; classtype:trojan-activity;sid:83672327; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809228)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.211.197.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809228/; classtype:trojan-activity;sid:83672328; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809229)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.221.36.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809229/; classtype:trojan-activity;sid:83672329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809230)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.58.39.59"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809230/; classtype:trojan-activity;sid:83672330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809222)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.151.92.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809222/; classtype:trojan-activity;sid:83672322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809223)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.131.81.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809223/; classtype:trojan-activity;sid:83672323; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809224)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.100.241.12"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809224/; classtype:trojan-activity;sid:83672324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809225)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.253.60.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809225/; classtype:trojan-activity;sid:83672325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809226)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.244.169.56"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809226/; classtype:trojan-activity;sid:83672326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809220)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"124.235.200.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809220/; classtype:trojan-activity;sid:83672320; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809221)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.9.192.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809221/; classtype:trojan-activity;sid:83672321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809214)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.193.70.85"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809214/; classtype:trojan-activity;sid:83672314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809218)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.115.107.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809218/; classtype:trojan-activity;sid:83672318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809219)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.98.68.52"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809219/; classtype:trojan-activity;sid:83672319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809207)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"187.33.225.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809207/; classtype:trojan-activity;sid:83672307; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809208)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.211.8.190"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809208/; classtype:trojan-activity;sid:83672308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809209)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.92.93.101"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809209/; classtype:trojan-activity;sid:83672309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809211)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.23.24.250"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809211/; classtype:trojan-activity;sid:83672311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809204)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.95.186.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809204/; classtype:trojan-activity;sid:83672304; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809205)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.235.21.132"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809205/; classtype:trojan-activity;sid:83672305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809206)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.21.19.32"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809206/; classtype:trojan-activity;sid:83672306; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809200)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.66.174.188"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809200/; classtype:trojan-activity;sid:83672300; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809201)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.102.53.72"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809201/; classtype:trojan-activity;sid:83672301; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809203)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.122.96.124"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809203/; classtype:trojan-activity;sid:83672303; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809195)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"24.106.221.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809195/; classtype:trojan-activity;sid:83672295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809199)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.202.63.7"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809199/; classtype:trojan-activity;sid:83672299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809188)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.5.36.27"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809188/; classtype:trojan-activity;sid:83672288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809189)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.62.237.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809189/; classtype:trojan-activity;sid:83672289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809190)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.71.69.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809190/; classtype:trojan-activity;sid:83672290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809192)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.143.195.161"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809192/; classtype:trojan-activity;sid:83672292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809193)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.89.188.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809193/; classtype:trojan-activity;sid:83672293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809180)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.186.22.19"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809180/; classtype:trojan-activity;sid:83672280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809182)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.114.109.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809182/; classtype:trojan-activity;sid:83672282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809183)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.179.233.251"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809183/; classtype:trojan-activity;sid:83672283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809184)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.254.223.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809184/; classtype:trojan-activity;sid:83672284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809186)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.165.172.179"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809186/; classtype:trojan-activity;sid:83672286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809187)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.193.118.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809187/; classtype:trojan-activity;sid:83672287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809173)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.215.61.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809173/; classtype:trojan-activity;sid:83672273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809175)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.170.119.57"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809175/; classtype:trojan-activity;sid:83672275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809169)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"153.19.169.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809169/; classtype:trojan-activity;sid:83672269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809170)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"92.50.146.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809170/; classtype:trojan-activity;sid:83672270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809171)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"64.140.99.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809171/; classtype:trojan-activity;sid:83672271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809172)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"151.240.193.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809172/; classtype:trojan-activity;sid:83672272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809164)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.142.158.163"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809164/; classtype:trojan-activity;sid:83672264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809165)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"122.165.55.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809165/; classtype:trojan-activity;sid:83672265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809166)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.251.89.47"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809166/; classtype:trojan-activity;sid:83672266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809167)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.65.45.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809167/; classtype:trojan-activity;sid:83672267; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809163)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.18.28.97"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809163/; classtype:trojan-activity;sid:83672263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809158)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.42.201.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809158/; classtype:trojan-activity;sid:83672258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809159)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.204.141.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809159/; classtype:trojan-activity;sid:83672259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809161)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.46.197.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809161/; classtype:trojan-activity;sid:83672261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809156)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.237.242.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809156/; classtype:trojan-activity;sid:83672256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809142)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.34.22.25"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809142/; classtype:trojan-activity;sid:83672242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809143)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.130.70.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809143/; classtype:trojan-activity;sid:83672243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809145)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.5.6.69"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809145/; classtype:trojan-activity;sid:83672245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809146)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"208.89.168.31"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809146/; classtype:trojan-activity;sid:83672246; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809147)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.70.125.146"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809147/; classtype:trojan-activity;sid:83672247; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809149)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"217.65.15.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809149/; classtype:trojan-activity;sid:83672249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809151)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.218.160.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809151/; classtype:trojan-activity;sid:83672251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809136)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.67.66.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809136/; classtype:trojan-activity;sid:83672236; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809137)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"49.249.178.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809137/; classtype:trojan-activity;sid:83672237; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809139)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.92.98.94"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809139/; classtype:trojan-activity;sid:83672239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809140)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.53.164.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809140/; classtype:trojan-activity;sid:83672240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809130)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.49.47.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809130/; classtype:trojan-activity;sid:83672230; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809132)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.88.180.115"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809132/; classtype:trojan-activity;sid:83672232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809135)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.139.121.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809135/; classtype:trojan-activity;sid:83672235; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809127)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.115.114.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809127/; classtype:trojan-activity;sid:83672227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809128)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.32.86.42"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809128/; classtype:trojan-activity;sid:83672228; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809129)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"189.71.131.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809129/; classtype:trojan-activity;sid:83672229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809122)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.193.97.155"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809122/; classtype:trojan-activity;sid:83672222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809123)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.254.255.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809123/; classtype:trojan-activity;sid:83672223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809124)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"76.125.14.237"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809124/; classtype:trojan-activity;sid:83672224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809125)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.182.90.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809125/; classtype:trojan-activity;sid:83672225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809115)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.94.29.82"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809115/; classtype:trojan-activity;sid:83672215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809116)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.38.60.246"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809116/; classtype:trojan-activity;sid:83672216; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809117)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.193.120.99"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809117/; classtype:trojan-activity;sid:83672217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809118)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.235.189.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809118/; classtype:trojan-activity;sid:83672218; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809119)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.11.95.60"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809119/; classtype:trojan-activity;sid:83672219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809120)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"116.58.83.76"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809120/; classtype:trojan-activity;sid:83672220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809107)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.50.10.30"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809107/; classtype:trojan-activity;sid:83672207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809108)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.120.211.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809108/; classtype:trojan-activity;sid:83672208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809111)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.97.202.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809111/; classtype:trojan-activity;sid:83672211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809112)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"113.214.56.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809112/; classtype:trojan-activity;sid:83672212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809113)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.43.201.109"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809113/; classtype:trojan-activity;sid:83672213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809102)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.87.236.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809102/; classtype:trojan-activity;sid:83672202; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809105)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.7.153.18"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809105/; classtype:trojan-activity;sid:83672205; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809097)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.165.120.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809097/; classtype:trojan-activity;sid:83672197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809099)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.56.164.74"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809099/; classtype:trojan-activity;sid:83672199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809100)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.42.121.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809100/; classtype:trojan-activity;sid:83672200; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809092)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.185.20.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809092/; classtype:trojan-activity;sid:83672192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809095)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.151.82.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809095/; classtype:trojan-activity;sid:83672195; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809084)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"121.200.63.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809084/; classtype:trojan-activity;sid:83672184; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809088)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.165.112.168"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809088/; classtype:trojan-activity;sid:83672188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809089)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.251.5.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809089/; classtype:trojan-activity;sid:83672189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809090)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.16.75.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809090/; classtype:trojan-activity;sid:83672190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809091)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.200.72.26"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809091/; classtype:trojan-activity;sid:83672191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809080)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.78.36.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809080/; classtype:trojan-activity;sid:83672180; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809081)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.165.21.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809081/; classtype:trojan-activity;sid:83672181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809069)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.156.169.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809069/; classtype:trojan-activity;sid:83672169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809070)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"191.103.250.193"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809070/; classtype:trojan-activity;sid:83672170; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809071)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.158.175.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809071/; classtype:trojan-activity;sid:83672171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809073)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.28.58.132"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809073/; classtype:trojan-activity;sid:83672173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809075)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.112.153.78"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809075/; classtype:trojan-activity;sid:83672175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809076)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.176.138.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809076/; classtype:trojan-activity;sid:83672176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809077)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"151.248.56.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809077/; classtype:trojan-activity;sid:83672177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809064)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.18.28.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809064/; classtype:trojan-activity;sid:83672164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809065)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.156.143.242"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809065/; classtype:trojan-activity;sid:83672165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809059)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.181.0.146"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809059/; classtype:trojan-activity;sid:83672159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809061)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.158.121.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809061/; classtype:trojan-activity;sid:83672161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809056)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.240.37.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809056/; classtype:trojan-activity;sid:83672156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809054)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.222.45.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809054/; classtype:trojan-activity;sid:83672154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809051)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"108.6.184.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809051/; classtype:trojan-activity;sid:83672151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809052)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.117.11.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809052/; classtype:trojan-activity;sid:83672152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809010)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"194.36.80.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809010/; classtype:trojan-activity;sid:83672110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809011)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.29.19.18"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809011/; classtype:trojan-activity;sid:83672111; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809006)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"64.140.100.194"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809006/; classtype:trojan-activity;sid:83672106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809007)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"96.92.116.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809007/; classtype:trojan-activity;sid:83672107; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809009)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.207.249.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809009/; classtype:trojan-activity;sid:83672109; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809001)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.205.37.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809001/; classtype:trojan-activity;sid:83672101; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809003)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.70.237.191"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809003/; classtype:trojan-activity;sid:83672103; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809004)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"165.165.183.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809004/; classtype:trojan-activity;sid:83672104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809005)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.227.118.33"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809005/; classtype:trojan-activity;sid:83672105; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808999)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"141.105.87.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808999/; classtype:trojan-activity;sid:83672099; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2809000)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.13.143.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2809000/; classtype:trojan-activity;sid:83672100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808994)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.72.31.77"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808994/; classtype:trojan-activity;sid:83672094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808997)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"14.102.18.162"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808997/; classtype:trojan-activity;sid:83672097; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808991)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.70.115.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808991/; classtype:trojan-activity;sid:83672091; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808993)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.18.145.147"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808993/; classtype:trojan-activity;sid:83672093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808984)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.212.51.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808984/; classtype:trojan-activity;sid:83672084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808985)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.28.11.111"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808985/; classtype:trojan-activity;sid:83672085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808986)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.228.135.75"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808986/; classtype:trojan-activity;sid:83672086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808980)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.61.246.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808980/; classtype:trojan-activity;sid:83672080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808981)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.154.131.153"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808981/; classtype:trojan-activity;sid:83672081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808982)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"120.31.135.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808982/; classtype:trojan-activity;sid:83672082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808983)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.126.176.192"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808983/; classtype:trojan-activity;sid:83672083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808972)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.237.157.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808972/; classtype:trojan-activity;sid:83672072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808973)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.19.174.250"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808973/; classtype:trojan-activity;sid:83672073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808974)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"138.186.156.210"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808974/; classtype:trojan-activity;sid:83672074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808975)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.184.84.106"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808975/; classtype:trojan-activity;sid:83672075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808977)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.68.79.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808977/; classtype:trojan-activity;sid:83672077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808971)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.92.229.122"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808971/; classtype:trojan-activity;sid:83672071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808961)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.102.53.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808961/; classtype:trojan-activity;sid:83672061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808962)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.170.251.9"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808962/; classtype:trojan-activity;sid:83672062; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808963)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.69.88.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808963/; classtype:trojan-activity;sid:83672063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808964)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.57.183.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808964/; classtype:trojan-activity;sid:83672064; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808965)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.77.150.79"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808965/; classtype:trojan-activity;sid:83672065; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808966)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.210.50.116"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808966/; classtype:trojan-activity;sid:83672066; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808967)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.57.33.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808967/; classtype:trojan-activity;sid:83672067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808968)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.105.79.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808968/; classtype:trojan-activity;sid:83672068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808969)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.102.53.85"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808969/; classtype:trojan-activity;sid:83672069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808970)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.192.78.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808970/; classtype:trojan-activity;sid:83672070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808954)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.208.68.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808954/; classtype:trojan-activity;sid:83672054; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808955)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.105.159.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808955/; classtype:trojan-activity;sid:83672055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808957)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.157.212.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808957/; classtype:trojan-activity;sid:83672057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808959)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.4.29.69"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808959/; classtype:trojan-activity;sid:83672059; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808960)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.101.239.41"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808960/; classtype:trojan-activity;sid:83672060; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808951)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.4.147.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808951/; classtype:trojan-activity;sid:83672051; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808953)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.66.174.186"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808953/; classtype:trojan-activity;sid:83672053; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808948)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.64.210.218"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808948/; classtype:trojan-activity;sid:83672048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808950)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"119.252.167.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808950/; classtype:trojan-activity;sid:83672050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808947)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.66.139.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808947/; classtype:trojan-activity;sid:83672047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808940)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.1.93.208"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808940/; classtype:trojan-activity;sid:83672040; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808943)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.238.118.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808943/; classtype:trojan-activity;sid:83672043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808944)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"114.7.160.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808944/; classtype:trojan-activity;sid:83672044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808945)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.49.214.145"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808945/; classtype:trojan-activity;sid:83672045; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808946)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.121.161.31"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808946/; classtype:trojan-activity;sid:83672046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808929)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.245.112.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808929/; classtype:trojan-activity;sid:83672029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808931)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.208.145.49"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808931/; classtype:trojan-activity;sid:83672031; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808932)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.232.241.143"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808932/; classtype:trojan-activity;sid:83672032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808933)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.101.81.142"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808933/; classtype:trojan-activity;sid:83672033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808934)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.65.50.236"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808934/; classtype:trojan-activity;sid:83672034; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808935)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.227.118.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808935/; classtype:trojan-activity;sid:83672035; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808936)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.18.223.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808936/; classtype:trojan-activity;sid:83672036; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808937)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.234.203.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808937/; classtype:trojan-activity;sid:83672037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808939)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.188.254.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808939/; classtype:trojan-activity;sid:83672039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808924)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.162.113.34"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808924/; classtype:trojan-activity;sid:83672024; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808926)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.253.241.253"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808926/; classtype:trojan-activity;sid:83672026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808927)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.70.245.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808927/; classtype:trojan-activity;sid:83672027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808915)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.175.138.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808915/; classtype:trojan-activity;sid:83672015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808916)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.209.164.96"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808916/; classtype:trojan-activity;sid:83672016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808917)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"69.70.215.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808917/; classtype:trojan-activity;sid:83672017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808918)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.50.7.126"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808918/; classtype:trojan-activity;sid:83672018; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808920)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.115.232.230"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808920/; classtype:trojan-activity;sid:83672020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808914)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.123.49.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808914/; classtype:trojan-activity;sid:83672014; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808906)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.151.29.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808906/; classtype:trojan-activity;sid:83672006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808907)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"154.84.212.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808907/; classtype:trojan-activity;sid:83672007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808909)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.188.215.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808909/; classtype:trojan-activity;sid:83672009; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808910)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.154.135.81"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808910/; classtype:trojan-activity;sid:83672010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808911)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.74.128.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808911/; classtype:trojan-activity;sid:83672011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808912)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.189.199.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808912/; classtype:trojan-activity;sid:83672012; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808902)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.99.201.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808902/; classtype:trojan-activity;sid:83672002; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808905)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.99.218.152"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808905/; classtype:trojan-activity;sid:83672005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808892)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.120.245.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808892/; classtype:trojan-activity;sid:83671992; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808895)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.20.122.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808895/; classtype:trojan-activity;sid:83671995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808897)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.195.160.182"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808897/; classtype:trojan-activity;sid:83671997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808898)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.12.60.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808898/; classtype:trojan-activity;sid:83671998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808899)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"70.166.80.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808899/; classtype:trojan-activity;sid:83671999; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808900)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"217.64.96.209"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808900/; classtype:trojan-activity;sid:83672000; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808889)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.193.118.248"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808889/; classtype:trojan-activity;sid:83671989; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808890)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.202.245.6"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808890/; classtype:trojan-activity;sid:83671990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808888)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.131.95.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808888/; classtype:trojan-activity;sid:83671988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808882)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.144.235.42"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808882/; classtype:trojan-activity;sid:83671982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808883)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.171.30.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808883/; classtype:trojan-activity;sid:83671983; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808879)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.201.184.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808879/; classtype:trojan-activity;sid:83671979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808880)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.48.119.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808880/; classtype:trojan-activity;sid:83671980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808877)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.190.70.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808877/; classtype:trojan-activity;sid:83671977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808872)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"122.201.25.95"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808872/; classtype:trojan-activity;sid:83671972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808873)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.16.75.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808873/; classtype:trojan-activity;sid:83671973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808864)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.93.177.61"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808864/; classtype:trojan-activity;sid:83671964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808865)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"164.215.113.22"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808865/; classtype:trojan-activity;sid:83671965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808866)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.127.49.130"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808866/; classtype:trojan-activity;sid:83671966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808868)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.130.41.248"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808868/; classtype:trojan-activity;sid:83671968; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808869)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.34.177.42"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808869/; classtype:trojan-activity;sid:83671969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808870)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.52.164.170"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808870/; classtype:trojan-activity;sid:83671970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808863)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.201.136.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808863/; classtype:trojan-activity;sid:83671963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808858)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.69.89.229"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808858/; classtype:trojan-activity;sid:83671958; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808861)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.78.118.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808861/; classtype:trojan-activity;sid:83671961; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808862)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.234.253.53"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808862/; classtype:trojan-activity;sid:83671962; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808850)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.42.113.6"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808850/; classtype:trojan-activity;sid:83671950; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808851)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.89.11.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808851/; classtype:trojan-activity;sid:83671951; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808852)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"189.204.177.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808852/; classtype:trojan-activity;sid:83671952; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808853)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.34.22.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808853/; classtype:trojan-activity;sid:83671953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808854)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.44.110.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808854/; classtype:trojan-activity;sid:83671954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808855)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.12.99.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808855/; classtype:trojan-activity;sid:83671955; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808856)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.202.9.242"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808856/; classtype:trojan-activity;sid:83671956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808845)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"5.102.53.75"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808845/; classtype:trojan-activity;sid:83671945; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808848)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.67.4.139"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808848/; classtype:trojan-activity;sid:83671948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808841)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"49.213.187.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808841/; classtype:trojan-activity;sid:83671941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808842)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.16.247.116"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808842/; classtype:trojan-activity;sid:83671942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808843)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.250.202.102"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808843/; classtype:trojan-activity;sid:83671943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808840)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.236.114.174"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808840/; classtype:trojan-activity;sid:83671940; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808832)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.4.110.130"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808832/; classtype:trojan-activity;sid:83671932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808833)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.236.113.246"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808833/; classtype:trojan-activity;sid:83671933; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808835)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.93.92.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808835/; classtype:trojan-activity;sid:83671935; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808836)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.253.60.198"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808836/; classtype:trojan-activity;sid:83671936; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808837)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.72.153.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808837/; classtype:trojan-activity;sid:83671937; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808839)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.214.31.179"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808839/; classtype:trojan-activity;sid:83671939; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808823)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.245.10.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808823/; classtype:trojan-activity;sid:83671923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808825)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"137.119.38.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808825/; classtype:trojan-activity;sid:83671925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808826)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.189.172.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808826/; classtype:trojan-activity;sid:83671926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808827)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.34.177.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808827/; classtype:trojan-activity;sid:83671927; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808828)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.136.151.68"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808828/; classtype:trojan-activity;sid:83671928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808829)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"174.78.254.83"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808829/; classtype:trojan-activity;sid:83671929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808831)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"177.52.67.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808831/; classtype:trojan-activity;sid:83671931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808815)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.229.82.222"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808815/; classtype:trojan-activity;sid:83671915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808817)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.123.37.229"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808817/; classtype:trojan-activity;sid:83671917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808819)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.93.83.121"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808819/; classtype:trojan-activity;sid:83671919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808820)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.170.112.158"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808820/; classtype:trojan-activity;sid:83671920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808811)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"101.255.103.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808811/; classtype:trojan-activity;sid:83671911; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808814)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.154.93.81"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808814/; classtype:trojan-activity;sid:83671914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808804)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.241.113.151"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808804/; classtype:trojan-activity;sid:83671904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808806)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.98.86.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808806/; classtype:trojan-activity;sid:83671906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808808)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.92.181.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808808/; classtype:trojan-activity;sid:83671908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808809)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"194.187.151.189"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808809/; classtype:trojan-activity;sid:83671909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808799)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"197.210.197.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808799/; classtype:trojan-activity;sid:83671899; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808801)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.243.216.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808801/; classtype:trojan-activity;sid:83671901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808802)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.81.127.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808802/; classtype:trojan-activity;sid:83671902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808791)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.131.104.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808791/; classtype:trojan-activity;sid:83671891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808792)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.224.0.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808792/; classtype:trojan-activity;sid:83671892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808793)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.164.252.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808793/; classtype:trojan-activity;sid:83671893; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808794)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.122.211.138"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808794/; classtype:trojan-activity;sid:83671894; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808795)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"150.107.205.29"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808795/; classtype:trojan-activity;sid:83671895; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808796)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.129.195.162"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808796/; classtype:trojan-activity;sid:83671896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808797)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.20.51.118"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808797/; classtype:trojan-activity;sid:83671897; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808798)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.217.148.227"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808798/; classtype:trojan-activity;sid:83671898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808786)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"71.83.248.9"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808786/; classtype:trojan-activity;sid:83671886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808787)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.170.48.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808787/; classtype:trojan-activity;sid:83671887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808788)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"163.47.209.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808788/; classtype:trojan-activity;sid:83671888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808790)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.5.36.243"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808790/; classtype:trojan-activity;sid:83671890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808783)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.84.143.178"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808783/; classtype:trojan-activity;sid:83671883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808784)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.91.171.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808784/; classtype:trojan-activity;sid:83671884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808785)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.148.112.178"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808785/; classtype:trojan-activity;sid:83671885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808777)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.242.149.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808777/; classtype:trojan-activity;sid:83671877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808778)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.173.163.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808778/; classtype:trojan-activity;sid:83671878; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808781)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"146.120.241.207"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808781/; classtype:trojan-activity;sid:83671881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808782)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.24.131.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808782/; classtype:trojan-activity;sid:83671882; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808770)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.43.34.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808770/; classtype:trojan-activity;sid:83671870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808771)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.165.79.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808771/; classtype:trojan-activity;sid:83671871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808773)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.91.150.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808773/; classtype:trojan-activity;sid:83671873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808774)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"175.111.182.237"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808774/; classtype:trojan-activity;sid:83671874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808760)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"196.202.220.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808760/; classtype:trojan-activity;sid:83671860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808761)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"197.210.198.190"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808761/; classtype:trojan-activity;sid:83671861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808763)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"186.46.57.113"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808763/; classtype:trojan-activity;sid:83671863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808765)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.106.27.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808765/; classtype:trojan-activity;sid:83671865; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808767)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.139.153.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808767/; classtype:trojan-activity;sid:83671867; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808756)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"178.34.183.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808756/; classtype:trojan-activity;sid:83671856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808759)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.10.63.218"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808759/; classtype:trojan-activity;sid:83671859; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808754)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.17.23.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808754/; classtype:trojan-activity;sid:83671854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808746)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.175.42.206"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808746/; classtype:trojan-activity;sid:83671846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808747)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"217.75.222.27"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808747/; classtype:trojan-activity;sid:83671847; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808748)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"83.147.93.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808748/; classtype:trojan-activity;sid:83671848; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808751)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.120.98.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808751/; classtype:trojan-activity;sid:83671851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808741)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"179.51.168.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808741/; classtype:trojan-activity;sid:83671841; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808743)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.215.69.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808743/; classtype:trojan-activity;sid:83671843; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808744)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.84.131.154"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808744/; classtype:trojan-activity;sid:83671844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808735)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.111.116.96"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808735/; classtype:trojan-activity;sid:83671835; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808737)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.159.74.226"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808737/; classtype:trojan-activity;sid:83671837; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808738)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.71.191.178"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808738/; classtype:trojan-activity;sid:83671838; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808739)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"87.197.107.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808739/; classtype:trojan-activity;sid:83671839; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808722)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"179.43.98.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808722/; classtype:trojan-activity;sid:83671822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808724)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.244.120.222"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808724/; classtype:trojan-activity;sid:83671824; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808726)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.225.175.223"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808726/; classtype:trojan-activity;sid:83671826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808729)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.192.33.128"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808729/; classtype:trojan-activity;sid:83671829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808731)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.13.221.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808731/; classtype:trojan-activity;sid:83671831; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808720)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"162.248.46.120"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808720/; classtype:trojan-activity;sid:83671820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808721)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.93.28.66"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808721/; classtype:trojan-activity;sid:83671821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808707)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.107.231.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808707/; classtype:trojan-activity;sid:83671807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808708)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.17.248.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808708/; classtype:trojan-activity;sid:83671808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808710)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.113.124.155"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808710/; classtype:trojan-activity;sid:83671810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808712)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"200.105.205.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808712/; classtype:trojan-activity;sid:83671812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808713)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"12.148.208.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808713/; classtype:trojan-activity;sid:83671813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808716)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.73.121.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808716/; classtype:trojan-activity;sid:83671816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808717)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"181.129.106.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808717/; classtype:trojan-activity;sid:83671817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808705)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"115.42.121.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808705/; classtype:trojan-activity;sid:83671805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808700)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.5.200.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808700/; classtype:trojan-activity;sid:83671800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808701)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.176.7.134"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808701/; classtype:trojan-activity;sid:83671801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808702)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.38.241.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808702/; classtype:trojan-activity;sid:83671802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808703)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.116.219.164"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808703/; classtype:trojan-activity;sid:83671803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808704)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.199.144.62"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808704/; classtype:trojan-activity;sid:83671804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808697)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.65.205.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808697/; classtype:trojan-activity;sid:83671797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808674)"; flow:established,from_client; content:"GET"; http_method; content:"/images/004/766/979/original/new_image_vbs.jpg"; http_uri; depth:46; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808674/; classtype:trojan-activity;sid:83671774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808673)"; flow:established,from_client; content:"GET"; http_method; content:"/images/004/766/978/full/new_image_vbs.jpg"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808673/; classtype:trojan-activity;sid:83671773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808659)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"87.120.179.196"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808659/; classtype:trojan-activity;sid:83671759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808652)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"110.34.7.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808652/; classtype:trojan-activity;sid:83671752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808646)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.230.158.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808646/; classtype:trojan-activity;sid:83671746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808644)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.131.244.202"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808644/; classtype:trojan-activity;sid:83671744; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808643)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"82.212.109.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808643/; classtype:trojan-activity;sid:83671743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808637)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"202.191.123.196"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808637/; classtype:trojan-activity;sid:83671737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808638)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.20.63.220"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808638/; classtype:trojan-activity;sid:83671738; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808639)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.64.23.219"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808639/; classtype:trojan-activity;sid:83671739; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808640)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"190.205.35.203"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808640/; classtype:trojan-activity;sid:83671740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808636)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.253.60.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808636/; classtype:trojan-activity;sid:83671736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808631)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.28.58.97"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808631/; classtype:trojan-activity;sid:83671731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808632)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.165.172.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808632/; classtype:trojan-activity;sid:83671732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808633)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"180.92.233.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808633/; classtype:trojan-activity;sid:83671733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808624)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"223.17.9.188"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808624/; classtype:trojan-activity;sid:83671724; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808625)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"146.66.164.51"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808625/; classtype:trojan-activity;sid:83671725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808628)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.127.76.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808628/; classtype:trojan-activity;sid:83671728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808622)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"217.218.139.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808622/; classtype:trojan-activity;sid:83671722; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808616)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"210.4.69.226"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808616/; classtype:trojan-activity;sid:83671716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808618)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"201.234.151.229"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808618/; classtype:trojan-activity;sid:83671718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808620)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"174.7.42.250"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808620/; classtype:trojan-activity;sid:83671720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808614)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.16.252.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808614/; classtype:trojan-activity;sid:83671714; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808615)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"176.98.13.44"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808615/; classtype:trojan-activity;sid:83671715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808608)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.140.156.134"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808608/; classtype:trojan-activity;sid:83671708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808609)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.120.173.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808609/; classtype:trojan-activity;sid:83671709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808610)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.6.74.138"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808610/; classtype:trojan-activity;sid:83671710; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808603)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"195.218.152.38"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808603/; classtype:trojan-activity;sid:83671703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808604)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.188.27.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808604/; classtype:trojan-activity;sid:83671704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808605)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.40.54.142"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808605/; classtype:trojan-activity;sid:83671705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808606)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"217.171.55.168"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808606/; classtype:trojan-activity;sid:83671706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808607)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"182.93.84.57"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808607/; classtype:trojan-activity;sid:83671707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808594)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"203.80.244.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808594/; classtype:trojan-activity;sid:83671694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808595)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"212.237.112.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808595/; classtype:trojan-activity;sid:83671695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808599)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.92.82.180"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808599/; classtype:trojan-activity;sid:83671699; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808589)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.43.7.93"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808589/; classtype:trojan-activity;sid:83671689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808590)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.70.144.17"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808590/; classtype:trojan-activity;sid:83671690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808592)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"219.79.119.50"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808592/; classtype:trojan-activity;sid:83671692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808585)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"143.208.36.11"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808585/; classtype:trojan-activity;sid:83671685; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808586)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"218.38.241.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808586/; classtype:trojan-activity;sid:83671686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808579)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.11.95.13"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808579/; classtype:trojan-activity;sid:83671679; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808580)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.70.198.93"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808580/; classtype:trojan-activity;sid:83671680; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808565)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"58.115.174.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808565/; classtype:trojan-activity;sid:83671665; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808566)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.41.91.37"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808566/; classtype:trojan-activity;sid:83671666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808561)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"102.0.4.86"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808561/; classtype:trojan-activity;sid:83671661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808562)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.7.27.90"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808562/; classtype:trojan-activity;sid:83671662; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808555)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.181.44.208"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808555/; classtype:trojan-activity;sid:83671655; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808556)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"102.218.172.134"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808556/; classtype:trojan-activity;sid:83671656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808557)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.118.45.13"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808557/; classtype:trojan-activity;sid:83671657; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808558)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.20.234.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808558/; classtype:trojan-activity;sid:83671658; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808560)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.186.54.203"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808560/; classtype:trojan-activity;sid:83671660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808539)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"24.117.189.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808539/; classtype:trojan-activity;sid:83671639; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808540)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"49.142.114.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808540/; classtype:trojan-activity;sid:83671640; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808542)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.190.70.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808542/; classtype:trojan-activity;sid:83671642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808545)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.189.222.80"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808545/; classtype:trojan-activity;sid:83671645; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808546)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"62.141.122.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808546/; classtype:trojan-activity;sid:83671646; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808547)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.98.156.7"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808547/; classtype:trojan-activity;sid:83671647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808548)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"66.18.162.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808548/; classtype:trojan-activity;sid:83671648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808549)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"86.101.187.226"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808549/; classtype:trojan-activity;sid:83671649; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808550)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.239.22.123"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808550/; classtype:trojan-activity;sid:83671650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808551)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.180.9.57"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808551/; classtype:trojan-activity;sid:83671651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808552)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.29.147.122"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808552/; classtype:trojan-activity;sid:83671652; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808533)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.87.5.2"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808533/; classtype:trojan-activity;sid:83671633; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808535)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.28.58.131"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808535/; classtype:trojan-activity;sid:83671635; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808536)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.115.254.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808536/; classtype:trojan-activity;sid:83671636; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808538)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"107.1.208.106"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808538/; classtype:trojan-activity;sid:83671638; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808530)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"76.125.13.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808530/; classtype:trojan-activity;sid:83671630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808532)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.21.192.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808532/; classtype:trojan-activity;sid:83671632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808528)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.50.7.123"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808528/; classtype:trojan-activity;sid:83671628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808519)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.93.53.193"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808519/; classtype:trojan-activity;sid:83671619; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808520)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.34.209.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808520/; classtype:trojan-activity;sid:83671620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808521)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.191.218.136"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808521/; classtype:trojan-activity;sid:83671621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808522)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.140.176.228"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808522/; classtype:trojan-activity;sid:83671622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808523)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.110.151.212"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808523/; classtype:trojan-activity;sid:83671623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808524)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.171.80.104"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808524/; classtype:trojan-activity;sid:83671624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808525)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.205.90.51"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808525/; classtype:trojan-activity;sid:83671625; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808526)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.91.186.253"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808526/; classtype:trojan-activity;sid:83671626; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808511)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.244.112.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808511/; classtype:trojan-activity;sid:83671611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808512)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"66.198.193.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808512/; classtype:trojan-activity;sid:83671612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808513)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"101.255.103.180"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808513/; classtype:trojan-activity;sid:83671613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808515)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.229.139.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808515/; classtype:trojan-activity;sid:83671615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808517)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.185.49.15"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808517/; classtype:trojan-activity;sid:83671617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808518)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.28.58.81"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808518/; classtype:trojan-activity;sid:83671618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808503)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.81.24.84"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808503/; classtype:trojan-activity;sid:83671603; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808504)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.187.82.120"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808504/; classtype:trojan-activity;sid:83671604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808506)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"67.78.106.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808506/; classtype:trojan-activity;sid:83671606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808507)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.140.36.114"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808507/; classtype:trojan-activity;sid:83671607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808508)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.164.18.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808508/; classtype:trojan-activity;sid:83671608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808501)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.229.92.219"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808501/; classtype:trojan-activity;sid:83671601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808502)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.111.119.241"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808502/; classtype:trojan-activity;sid:83671602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808494)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.238.231.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808494/; classtype:trojan-activity;sid:83671594; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808495)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.67.251.197"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808495/; classtype:trojan-activity;sid:83671595; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808496)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.139.249.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808496/; classtype:trojan-activity;sid:83671596; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808489)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.89.178.102"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808489/; classtype:trojan-activity;sid:83671589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808490)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.84.37.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808490/; classtype:trojan-activity;sid:83671590; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808492)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.90.207.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808492/; classtype:trojan-activity;sid:83671592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808484)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"86.63.108.167"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808484/; classtype:trojan-activity;sid:83671584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808485)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.19.172.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808485/; classtype:trojan-activity;sid:83671585; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808486)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.199.144.65"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808486/; classtype:trojan-activity;sid:83671586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808487)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.235.185.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808487/; classtype:trojan-activity;sid:83671587; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808488)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.199.42.31"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808488/; classtype:trojan-activity;sid:83671588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808481)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.92.28.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808481/; classtype:trojan-activity;sid:83671581; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808482)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"90.68.161.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808482/; classtype:trojan-activity;sid:83671582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808475)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.69.88.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808475/; classtype:trojan-activity;sid:83671575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808476)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.183.45.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808476/; classtype:trojan-activity;sid:83671576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808479)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.191.143.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808479/; classtype:trojan-activity;sid:83671579; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808465)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.144.246.8"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808465/; classtype:trojan-activity;sid:83671565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808467)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.242.139.154"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808467/; classtype:trojan-activity;sid:83671567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808468)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.78.215.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808468/; classtype:trojan-activity;sid:83671568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808470)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"64.140.105.9"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808470/; classtype:trojan-activity;sid:83671570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808473)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"92.247.68.142"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808473/; classtype:trojan-activity;sid:83671573; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808474)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.36.68.156"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808474/; classtype:trojan-activity;sid:83671574; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808461)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"49.174.82.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808461/; classtype:trojan-activity;sid:83671561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808462)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"1.55.243.196"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808462/; classtype:trojan-activity;sid:83671562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808463)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"59.55.124.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808463/; classtype:trojan-activity;sid:83671563; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808464)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.167.196.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808464/; classtype:trojan-activity;sid:83671564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808455)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"71.42.105.40"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808455/; classtype:trojan-activity;sid:83671555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808456)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.202.83.200"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808456/; classtype:trojan-activity;sid:83671556; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808457)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.17.61.236"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808457/; classtype:trojan-activity;sid:83671557; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808458)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"67.174.143.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808458/; classtype:trojan-activity;sid:83671558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808459)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"94.154.84.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808459/; classtype:trojan-activity;sid:83671559; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808460)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.64.4.199"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808460/; classtype:trojan-activity;sid:83671560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808451)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"101.58.83.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808451/; classtype:trojan-activity;sid:83671551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808452)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.237.174.30"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808452/; classtype:trojan-activity;sid:83671552; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808448)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.92.143.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808448/; classtype:trojan-activity;sid:83671548; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808431)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.247.222.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808431/; classtype:trojan-activity;sid:83671531; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808434)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.237.174.27"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808434/; classtype:trojan-activity;sid:83671534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808436)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.118.104.33"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808436/; classtype:trojan-activity;sid:83671536; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808440)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.180.176.225"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808440/; classtype:trojan-activity;sid:83671540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808441)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"49.213.235.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808441/; classtype:trojan-activity;sid:83671541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808442)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.25.214.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808442/; classtype:trojan-activity;sid:83671542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808443)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.0.136.2"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808443/; classtype:trojan-activity;sid:83671543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808444)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.16.247.69"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808444/; classtype:trojan-activity;sid:83671544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808445)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"49.156.46.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808445/; classtype:trojan-activity;sid:83671545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808422)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.185.127.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808422/; classtype:trojan-activity;sid:83671522; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808423)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"49.213.157.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808423/; classtype:trojan-activity;sid:83671523; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808424)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"77.89.199.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808424/; classtype:trojan-activity;sid:83671524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808425)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.246.214.25"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808425/; classtype:trojan-activity;sid:83671525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808426)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.212.237.34"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808426/; classtype:trojan-activity;sid:83671526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808428)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.54.179.50"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808428/; classtype:trojan-activity;sid:83671528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808429)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.174.152.29"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808429/; classtype:trojan-activity;sid:83671529; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808430)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.73.70.114"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808430/; classtype:trojan-activity;sid:83671530; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808413)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.209.255.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808413/; classtype:trojan-activity;sid:83671513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808414)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.71.59.7"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808414/; classtype:trojan-activity;sid:83671514; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808416)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.170.119.100"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808416/; classtype:trojan-activity;sid:83671516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808417)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.66.168.49"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808417/; classtype:trojan-activity;sid:83671517; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808418)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.216.28.112"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808418/; classtype:trojan-activity;sid:83671518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808419)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"31.182.115.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808419/; classtype:trojan-activity;sid:83671519; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808420)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"37.194.25.119"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808420/; classtype:trojan-activity;sid:83671520; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808421)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.249.54.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808421/; classtype:trojan-activity;sid:83671521; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808409)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.142.169.22"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808409/; classtype:trojan-activity;sid:83671509; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808406)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.221.254.140"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808406/; classtype:trojan-activity;sid:83671506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808408)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.91.171.37"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808408/; classtype:trojan-activity;sid:83671508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808405)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.66.59.233"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808405/; classtype:trojan-activity;sid:83671505; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808400)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"91.195.100.69"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808400/; classtype:trojan-activity;sid:83671500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808401)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"84.242.124.68"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808401/; classtype:trojan-activity;sid:83671501; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808402)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"51.182.145.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808402/; classtype:trojan-activity;sid:83671502; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808403)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.91.96.123"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808403/; classtype:trojan-activity;sid:83671503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808389)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.66.174.189"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808389/; classtype:trojan-activity;sid:83671489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808390)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"47.50.169.82"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808390/; classtype:trojan-activity;sid:83671490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808391)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.211.107.87"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808391/; classtype:trojan-activity;sid:83671491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808396)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.89.240.75"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808396/; classtype:trojan-activity;sid:83671496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808397)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.57.121.123"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808397/; classtype:trojan-activity;sid:83671497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808376)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"90.182.214.197"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808376/; classtype:trojan-activity;sid:83671476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808377)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.159.72.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808377/; classtype:trojan-activity;sid:83671477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808379)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.165.192.3"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808379/; classtype:trojan-activity;sid:83671479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808380)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.230.158.26"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808380/; classtype:trojan-activity;sid:83671480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808383)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"89.190.76.126"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808383/; classtype:trojan-activity;sid:83671483; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808384)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"104.192.201.206"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808384/; classtype:trojan-activity;sid:83671484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808387)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.70.204.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808387/; classtype:trojan-activity;sid:83671487; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808388)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"86.38.171.81"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808388/; classtype:trojan-activity;sid:83671488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808369)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"88.80.242.177"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808369/; classtype:trojan-activity;sid:83671469; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808371)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"85.72.39.196"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808371/; classtype:trojan-activity;sid:83671471; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808373)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.125.163.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808373/; classtype:trojan-activity;sid:83671473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808374)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"98.103.171.36"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808374/; classtype:trojan-activity;sid:83671474; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808365)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"81.213.157.86"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808365/; classtype:trojan-activity;sid:83671465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808366)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.170.114.70"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808366/; classtype:trojan-activity;sid:83671466; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808367)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.188.48.90"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808367/; classtype:trojan-activity;sid:83671467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808361)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"93.39.116.233"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808361/; classtype:trojan-activity;sid:83671461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808345)"; flow:established,from_client; content:"GET"; http_method; content:"/server.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"43.226.35.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808345/; classtype:trojan-activity;sid:83671445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808344)"; flow:established,from_client; content:"GET"; http_method; content:"/svchoste.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"43.226.35.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808344/; classtype:trojan-activity;sid:83671444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808340)"; flow:established,from_client; content:"GET"; http_method; content:"/explores.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"43.226.35.175"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808340/; classtype:trojan-activity;sid:83671440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808309)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"46.229.139.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808309/; classtype:trojan-activity;sid:83671409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808299)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"60.246.119.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808299/; classtype:trojan-activity;sid:83671399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808303)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.91.125.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808303/; classtype:trojan-activity;sid:83671403; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808304)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.139.121.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808304/; classtype:trojan-activity;sid:83671404; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808306)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.190.70.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808306/; classtype:trojan-activity;sid:83671406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808307)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.255.187.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808307/; classtype:trojan-activity;sid:83671407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808308)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"102.141.234.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808308/; classtype:trojan-activity;sid:83671408; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808284)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"79.120.54.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808284/; classtype:trojan-activity;sid:83671384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808286)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"79.120.54.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808286/; classtype:trojan-activity;sid:83671386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808287)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.229.139.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808287/; classtype:trojan-activity;sid:83671387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808288)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.246.119.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808288/; classtype:trojan-activity;sid:83671388; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808289)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"103.78.215.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808289/; classtype:trojan-activity;sid:83671389; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808291)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"43.224.0.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808291/; classtype:trojan-activity;sid:83671391; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808281)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"36.67.66.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808281/; classtype:trojan-activity;sid:83671381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808271)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"80.255.187.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808271/; classtype:trojan-activity;sid:83671371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808273)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"102.141.234.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808273/; classtype:trojan-activity;sid:83671373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808274)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"109.171.30.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808274/; classtype:trojan-activity;sid:83671374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808275)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"109.171.30.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808275/; classtype:trojan-activity;sid:83671375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808276)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"36.64.219.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808276/; classtype:trojan-activity;sid:83671376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808277)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"36.64.219.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808277/; classtype:trojan-activity;sid:83671377; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808278)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.91.125.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808278/; classtype:trojan-activity;sid:83671378; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808279)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"36.67.66.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808279/; classtype:trojan-activity;sid:83671379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808263)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"78.188.27.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808263/; classtype:trojan-activity;sid:83671363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808264)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.139.121.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808264/; classtype:trojan-activity;sid:83671364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808268)"; flow:established,from_client; content:"GET"; http_method; content:"/aqua.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"78.188.27.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808268/; classtype:trojan-activity;sid:83671368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808269)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"67.78.106.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808269/; classtype:trojan-activity;sid:83671369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808231)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.67.66.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808231/; classtype:trojan-activity;sid:83671331; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808233)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.190.70.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808233/; classtype:trojan-activity;sid:83671333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808234)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"102.141.234.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808234/; classtype:trojan-activity;sid:83671334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808236)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"79.120.54.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808236/; classtype:trojan-activity;sid:83671336; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808239)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.246.119.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808239/; classtype:trojan-activity;sid:83671339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808240)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.79.233.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808240/; classtype:trojan-activity;sid:83671340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808241)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"79.120.54.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808241/; classtype:trojan-activity;sid:83671341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808242)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"43.224.0.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808242/; classtype:trojan-activity;sid:83671342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808244)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.67.66.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808244/; classtype:trojan-activity;sid:83671344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808245)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.78.215.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808245/; classtype:trojan-activity;sid:83671345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808246)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"41.79.233.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808246/; classtype:trojan-activity;sid:83671346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808247)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.64.219.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808247/; classtype:trojan-activity;sid:83671347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808248)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"43.224.0.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808248/; classtype:trojan-activity;sid:83671348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808250)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"36.64.219.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808250/; classtype:trojan-activity;sid:83671350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808251)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"78.188.27.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808251/; classtype:trojan-activity;sid:83671351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808252)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"67.78.106.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808252/; classtype:trojan-activity;sid:83671352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808225)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.171.30.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808225/; classtype:trojan-activity;sid:83671325; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808226)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.139.121.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808226/; classtype:trojan-activity;sid:83671326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808216)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.91.125.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808216/; classtype:trojan-activity;sid:83671316; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808219)"; flow:established,from_client; content:"GET"; http_method; content:"/o"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.255.187.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808219/; classtype:trojan-activity;sid:83671319; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808221)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.255.187.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808221/; classtype:trojan-activity;sid:83671321; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808222)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.171.30.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808222/; classtype:trojan-activity;sid:83671322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808224)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.141.234.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808224/; classtype:trojan-activity;sid:83671324; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808214)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.188.27.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808214/; classtype:trojan-activity;sid:83671314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808199)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.78.215.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808199/; classtype:trojan-activity;sid:83671299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808198)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.67.66.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808198/; classtype:trojan-activity;sid:83671298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808186)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"67.78.106.21"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808186/; classtype:trojan-activity;sid:83671286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808187)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"43.224.0.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808187/; classtype:trojan-activity;sid:83671287; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808188)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"60.246.119.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808188/; classtype:trojan-activity;sid:83671288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808189)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"79.120.54.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808189/; classtype:trojan-activity;sid:83671289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808190)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.190.70.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808190/; classtype:trojan-activity;sid:83671290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808191)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.64.219.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808191/; classtype:trojan-activity;sid:83671291; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808193)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.91.125.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808193/; classtype:trojan-activity;sid:83671293; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808195)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.64.219.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808195/; classtype:trojan-activity;sid:83671295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808196)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"36.67.66.178"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808196/; classtype:trojan-activity;sid:83671296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808173)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.188.27.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808173/; classtype:trojan-activity;sid:83671273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808175)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.141.234.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808175/; classtype:trojan-activity;sid:83671275; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808176)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.255.187.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808176/; classtype:trojan-activity;sid:83671276; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808177)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"102.141.234.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808177/; classtype:trojan-activity;sid:83671277; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808178)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.255.187.190"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808178/; classtype:trojan-activity;sid:83671278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808179)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.139.121.189"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808179/; classtype:trojan-activity;sid:83671279; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808180)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.79.233.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808180/; classtype:trojan-activity;sid:83671280; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808181)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"41.79.233.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808181/; classtype:trojan-activity;sid:83671281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808183)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"43.224.0.5"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808183/; classtype:trojan-activity;sid:83671283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808184)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"46.229.139.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808184/; classtype:trojan-activity;sid:83671284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808169)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.188.27.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808169/; classtype:trojan-activity;sid:83671269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808160)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.171.30.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808160/; classtype:trojan-activity;sid:83671260; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808161)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.171.30.19"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808161/; classtype:trojan-activity;sid:83671261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808149)"; flow:established,from_client; content:"GET"; http_method; content:"/fscan.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"121.196.200.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808149/; classtype:trojan-activity;sid:83671249; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808148)"; flow:established,from_client; content:"GET"; http_method; content:"/fscan-main.zip"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"121.196.200.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808148/; classtype:trojan-activity;sid:83671248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808142)"; flow:established,from_client; content:"GET"; http_method; content:"/mq_poc1.xml"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"121.196.200.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808142/; classtype:trojan-activity;sid:83671242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808143)"; flow:established,from_client; content:"GET"; http_method; content:"/mq_poc.xml"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"121.196.200.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808143/; classtype:trojan-activity;sid:83671243; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808144)"; flow:established,from_client; content:"GET"; http_method; content:"/pass1.gif%3f.aspx"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"121.196.200.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808144/; classtype:trojan-activity;sid:83671244; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808145)"; flow:established,from_client; content:"GET"; http_method; content:"/qq.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"121.196.200.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808145/; classtype:trojan-activity;sid:83671245; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2808139)"; flow:established,from_client; content:"GET"; http_method; content:"/proxytool.zip"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"121.196.200.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2808139/; classtype:trojan-activity;sid:83671239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807770)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"66.54.98.51"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_11; reference:url, urlhaus.abuse.ch/url/2807770/; classtype:trojan-activity;sid:83670870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807559)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.60.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807559/; classtype:trojan-activity;sid:83670659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807508)"; flow:established,from_client; content:"GET"; http_method; content:"/download.sh"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"188.119.103.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807508/; classtype:trojan-activity;sid:83670608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807506)"; flow:established,from_client; content:"GET"; http_method; content:"/jack5tr.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"193.37.58.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807506/; classtype:trojan-activity;sid:83670606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807507)"; flow:established,from_client; content:"GET"; http_method; content:"/sakura.sh"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"166.88.61.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807507/; classtype:trojan-activity;sid:83670607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807502)"; flow:established,from_client; content:"GET"; http_method; content:"/jack5tr.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"192.54.57.13"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807502/; classtype:trojan-activity;sid:83670602; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807501)"; flow:established,from_client; content:"GET"; http_method; content:"/jack5tr.sh"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"188.119.103.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807501/; classtype:trojan-activity;sid:83670601; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807492)"; flow:established,from_client; content:"GET"; http_method; content:"/ping"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"2.57.122.121"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807492/; classtype:trojan-activity;sid:83670592; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807442)"; flow:established,from_client; content:"GET"; http_method; content:"/brute"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"80.94.92.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807442/; classtype:trojan-activity;sid:83670542; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807437)"; flow:established,from_client; content:"GET"; http_method; content:"/b.sh"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.94.92.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807437/; classtype:trojan-activity;sid:83670537; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807438)"; flow:established,from_client; content:"GET"; http_method; content:"/epic"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"80.94.92.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807438/; classtype:trojan-activity;sid:83670538; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807358)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.60.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807358/; classtype:trojan-activity;sid:83670458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807340)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.248.60.43"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807340/; classtype:trojan-activity;sid:83670440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807300)"; flow:established,from_client; content:"GET"; http_method; content:"/http.txt"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"193.93.248.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807300/; classtype:trojan-activity;sid:83670400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807279)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.191.246.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807279/; classtype:trojan-activity;sid:83670379; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807159)"; flow:established,from_client; content:"GET"; http_method; content:"/java.jpg"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"80.94.92.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807159/; classtype:trojan-activity;sid:83670259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807140)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"112.230.185.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807140/; classtype:trojan-activity;sid:83670240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2807022)"; flow:established,from_client; content:"GET"; http_method; content:"/sh.sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"179.43.168.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2807022/; classtype:trojan-activity;sid:83670122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806996)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"27.220.11.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806996/; classtype:trojan-activity;sid:83670096; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806975)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-5.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"166.88.61.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806975/; classtype:trojan-activity;sid:83670075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806976)"; flow:established,from_client; content:"GET"; http_method; content:"/p-p.c-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"166.88.61.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806976/; classtype:trojan-activity;sid:83670076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806977)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-6.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"166.88.61.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806977/; classtype:trojan-activity;sid:83670077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806978)"; flow:established,from_client; content:"GET"; http_method; content:"/m-6.8-k.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"166.88.61.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806978/; classtype:trojan-activity;sid:83670078; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806979)"; flow:established,from_client; content:"GET"; http_method; content:"/m-i.p-s.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"166.88.61.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806979/; classtype:trojan-activity;sid:83670079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806982)"; flow:established,from_client; content:"GET"; http_method; content:"/m-p.s-l.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"166.88.61.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806982/; classtype:trojan-activity;sid:83670082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806974)"; flow:established,from_client; content:"GET"; http_method; content:"/s-h.4-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"166.88.61.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806974/; classtype:trojan-activity;sid:83670074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806968)"; flow:established,from_client; content:"GET"; http_method; content:"/i-5.8-6.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"166.88.61.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806968/; classtype:trojan-activity;sid:83670068; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806969)"; flow:established,from_client; content:"GET"; http_method; content:"/x-8.6-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"166.88.61.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806969/; classtype:trojan-activity;sid:83670069; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806970)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-7.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"166.88.61.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806970/; classtype:trojan-activity;sid:83670070; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806972)"; flow:established,from_client; content:"GET"; http_method; content:"/x-3.2-.sakura"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"166.88.61.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806972/; classtype:trojan-activity;sid:83670072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806973)"; flow:established,from_client; content:"GET"; http_method; content:"/a-r.m-4.sakura"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"166.88.61.185"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806973/; classtype:trojan-activity;sid:83670073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806901)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1quojns2gd14xigipnfz-zzcvyn6bfrun"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806901/; classtype:trojan-activity;sid:83670001; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806897)"; flow:established,from_client; content:"GET"; http_method; content:"/files/kebab_ext_v2.zip"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"kebabcheats.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806897/; classtype:trojan-activity;sid:83669997; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806884)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.150.231.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806884/; classtype:trojan-activity;sid:83669984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806822)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"90.63.155.1"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806822/; classtype:trojan-activity;sid:83669922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806725)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.119.103.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806725/; classtype:trojan-activity;sid:83669825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806726)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.119.103.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806726/; classtype:trojan-activity;sid:83669826; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806729)"; flow:established,from_client; content:"GET"; http_method; content:"/x86_64"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.119.103.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806729/; classtype:trojan-activity;sid:83669829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806718)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.119.103.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806718/; classtype:trojan-activity;sid:83669818; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806720)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.119.103.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806720/; classtype:trojan-activity;sid:83669820; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806712)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"188.119.103.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806712/; classtype:trojan-activity;sid:83669812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806692)"; flow:established,from_client; content:"GET"; http_method; content:"/sparc"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"188.119.103.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806692/; classtype:trojan-activity;sid:83669792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806693)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsel"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.119.103.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806693/; classtype:trojan-activity;sid:83669793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806690)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"188.119.103.198"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_10; reference:url, urlhaus.abuse.ch/url/2806690/; classtype:trojan-activity;sid:83669790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806527)"; flow:established,from_client; content:"GET"; http_method; content:"/cron"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"138.36.239.20"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806527/; classtype:trojan-activity;sid:83669627; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806482)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"138.207.174.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806482/; classtype:trojan-activity;sid:83669582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806406)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|id=1hb1vko3nhj3lowxhwfzakzjdf3lmz_2c"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806406/; classtype:trojan-activity;sid:83669506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806348)"; flow:established,from_client; content:"GET"; http_method; content:"/sql.zip"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"23.81.41.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806348/; classtype:trojan-activity;sid:83669448; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806344)"; flow:established,from_client; content:"GET"; http_method; content:"/mipsinfo"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"23.81.41.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806344/; classtype:trojan-activity;sid:83669444; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806346)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"23.81.41.166"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806346/; classtype:trojan-activity;sid:83669446; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806342)"; flow:established,from_client; content:"GET"; http_method; content:"/wavelength54/topu/downloads/was.ps1"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806342/; classtype:trojan-activity;sid:83669442; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806292)"; flow:established,from_client; content:"GET"; http_method; content:"/busybox-mips"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"179.43.168.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806292/; classtype:trojan-activity;sid:83669392; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806264)"; flow:established,from_client; content:"GET"; http_method; content:"/busybox-mipsel"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"179.43.168.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806264/; classtype:trojan-activity;sid:83669364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2806023)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"138.207.174.248"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2806023/; classtype:trojan-activity;sid:83669123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805853)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.191.246.45"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805853/; classtype:trojan-activity;sid:83668953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805749)"; flow:established,from_client; content:"GET"; http_method; content:"/download/6614d814c0eacbf4ee0c58c2"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"api.discreetshare.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_04_09; reference:url, urlhaus.abuse.ch/url/2805749/; classtype:trojan-activity;sid:83668849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805287)"; flow:established,from_client; content:"GET"; http_method; content:"/temp/trustlauncher.rar"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"lflsoftware.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805287/; classtype:trojan-activity;sid:83668387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2805199)"; flow:established,from_client; content:"GET"; http_method; content:"/qtkite/defender-control/releases/download/v1.5/disable-defender.exe"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2805199/; classtype:trojan-activity;sid:83668299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804806)"; flow:established,from_client; content:"GET"; http_method; content:"/slitaz/sources/packages/c/cross-compiler-armv6l.tar.bz2"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"distro.ibiblio.org"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804806/; classtype:trojan-activity;sid:83667906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804701)"; flow:established,from_client; content:"GET"; http_method; content:"/isetup8.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.172.128.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804701/; classtype:trojan-activity;sid:83667801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804603)"; flow:established,from_client; content:"GET"; http_method; content:"/isetup2.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.172.128.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804603/; classtype:trojan-activity;sid:83667703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2804573)"; flow:established,from_client; content:"GET"; http_method; content:"/d/24e534/svchost.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"file-drop.cc"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_08; reference:url, urlhaus.abuse.ch/url/2804573/; classtype:trojan-activity;sid:83667673; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803631)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"87.70.92.167"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803631/; classtype:trojan-activity;sid:83666731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803534)"; flow:established,from_client; content:"GET"; http_method; content:"/5.txt"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"195.130.202.18"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803534/; classtype:trojan-activity;sid:83666634; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803523)"; flow:established,from_client; content:"GET"; http_method; content:"/document.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"pub-bfce74d1910148989228a2ae7c102b8a.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803523/; classtype:trojan-activity;sid:83666623; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803517)"; flow:established,from_client; content:"GET"; http_method; content:"/printspoofer.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"35.185.187.24"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803517/; classtype:trojan-activity;sid:83666617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803455)"; flow:established,from_client; content:"GET"; http_method; content:"/download/th/retailer_prog.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"5.42.66.10"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_07; reference:url, urlhaus.abuse.ch/url/2803455/; classtype:trojan-activity;sid:83666555; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803234)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"42.55.244.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803234/; classtype:trojan-activity;sid:83666334; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803222)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"42.55.244.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803222/; classtype:trojan-activity;sid:83666322; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803211)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"112.248.111.26"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803211/; classtype:trojan-activity;sid:83666311; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803117)"; flow:established,from_client; content:"GET"; http_method; content:"/broomsetup.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"185.172.128.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803117/; classtype:trojan-activity;sid:83666217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803113)"; flow:established,from_client; content:"GET"; http_method; content:"/syncupd.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.172.128.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803113/; classtype:trojan-activity;sid:83666213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2803114)"; flow:established,from_client; content:"GET"; http_method; content:"/ledger-live.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"185.172.128.228"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2803114/; classtype:trojan-activity;sid:83666214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802884)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"158.255.82.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802884/; classtype:trojan-activity;sid:83665984; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802625)"; flow:established,from_client; content:"GET"; http_method; content:"/isetup5.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.172.128.59"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802625/; classtype:trojan-activity;sid:83665725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802607)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.207.191.131"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_06; reference:url, urlhaus.abuse.ch/url/2802607/; classtype:trojan-activity;sid:83665707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802056)"; flow:established,from_client; content:"GET"; http_method; content:"/tester/rak/gr/n3.txt"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"91.202.233.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802056/; classtype:trojan-activity;sid:83665156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802057)"; flow:established,from_client; content:"GET"; http_method; content:"/tester/rak/gr/ph.txt"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"91.202.233.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802057/; classtype:trojan-activity;sid:83665157; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802058)"; flow:established,from_client; content:"GET"; http_method; content:"/tester/rak/gr/wx1.txt"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"91.202.233.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802058/; classtype:trojan-activity;sid:83665158; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802059)"; flow:established,from_client; content:"GET"; http_method; content:"/tester/rak/gr/rinp.txt"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.202.233.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802059/; classtype:trojan-activity;sid:83665159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802060)"; flow:established,from_client; content:"GET"; http_method; content:"/tester/rak/gr/rz.txt"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"91.202.233.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802060/; classtype:trojan-activity;sid:83665160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802061)"; flow:established,from_client; content:"GET"; http_method; content:"/tester/rak/gr/rup.txt"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"91.202.233.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802061/; classtype:trojan-activity;sid:83665161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802062)"; flow:established,from_client; content:"GET"; http_method; content:"/tester/rak/gr/r1.txt"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"91.202.233.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802062/; classtype:trojan-activity;sid:83665162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802063)"; flow:established,from_client; content:"GET"; http_method; content:"/tester/rak/gr/ps1.txt"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"91.202.233.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802063/; classtype:trojan-activity;sid:83665163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802064)"; flow:established,from_client; content:"GET"; http_method; content:"/tester/rak/gr/np.txt"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"91.202.233.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802064/; classtype:trojan-activity;sid:83665164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802065)"; flow:established,from_client; content:"GET"; http_method; content:"/tester/rak/gr/rmup.txt"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.202.233.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802065/; classtype:trojan-activity;sid:83665165; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802066)"; flow:established,from_client; content:"GET"; http_method; content:"/tester/rak/gr/rr2.txt"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"91.202.233.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802066/; classtype:trojan-activity;sid:83665166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802067)"; flow:established,from_client; content:"GET"; http_method; content:"/tester/rak/gr/rme.txt"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"91.202.233.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802067/; classtype:trojan-activity;sid:83665167; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802068)"; flow:established,from_client; content:"GET"; http_method; content:"/tester/rak/gr/rs.txt"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"91.202.233.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802068/; classtype:trojan-activity;sid:83665168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802051)"; flow:established,from_client; content:"GET"; http_method; content:"/tester/rak/gr/t3.txt"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"91.202.233.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802051/; classtype:trojan-activity;sid:83665151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802052)"; flow:established,from_client; content:"GET"; http_method; content:"/tester/rak/gr/rmz.txt"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"91.202.233.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802052/; classtype:trojan-activity;sid:83665152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802053)"; flow:established,from_client; content:"GET"; http_method; content:"/tester/rak/gr/r.txt"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.202.233.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802053/; classtype:trojan-activity;sid:83665153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802054)"; flow:established,from_client; content:"GET"; http_method; content:"/tester/rak/gr/arhvn.txt"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"91.202.233.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802054/; classtype:trojan-activity;sid:83665154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802055)"; flow:established,from_client; content:"GET"; http_method; content:"/tester/rak/gr/rm.txt"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"91.202.233.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802055/; classtype:trojan-activity;sid:83665155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802049)"; flow:established,from_client; content:"GET"; http_method; content:"/tester/rak/gr/q1.txt"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"91.202.233.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802049/; classtype:trojan-activity;sid:83665149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802050)"; flow:established,from_client; content:"GET"; http_method; content:"/tester/rak/gr/pr.txt"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"91.202.233.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802050/; classtype:trojan-activity;sid:83665150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802042)"; flow:established,from_client; content:"GET"; http_method; content:"/tester/rak/gr/l8.txt"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"91.202.233.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802042/; classtype:trojan-activity;sid:83665142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802044)"; flow:established,from_client; content:"GET"; http_method; content:"/tester/rak/gr/njz.txt"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"91.202.233.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802044/; classtype:trojan-activity;sid:83665144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802045)"; flow:established,from_client; content:"GET"; http_method; content:"/tester/rak/gr/q7.txt"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"91.202.233.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802045/; classtype:trojan-activity;sid:83665145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802046)"; flow:established,from_client; content:"GET"; http_method; content:"/tester/rak/gr/lx6.txt"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"91.202.233.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802046/; classtype:trojan-activity;sid:83665146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802047)"; flow:established,from_client; content:"GET"; http_method; content:"/tester/rak/gr/p.txt"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.202.233.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802047/; classtype:trojan-activity;sid:83665147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802048)"; flow:established,from_client; content:"GET"; http_method; content:"/tester/rak/gr/async.txt"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"91.202.233.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802048/; classtype:trojan-activity;sid:83665148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802039)"; flow:established,from_client; content:"GET"; http_method; content:"/tester/rak/gr/nj.txt"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"91.202.233.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802039/; classtype:trojan-activity;sid:83665139; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802040)"; flow:established,from_client; content:"GET"; http_method; content:"/tester/rak/gr/ny0.txt"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"91.202.233.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802040/; classtype:trojan-activity;sid:83665140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802041)"; flow:established,from_client; content:"GET"; http_method; content:"/tester/rak/gr/dcr.txt"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"91.202.233.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802041/; classtype:trojan-activity;sid:83665141; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802035)"; flow:established,from_client; content:"GET"; http_method; content:"/tester/rak/gr/nx.txt"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"91.202.233.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802035/; classtype:trojan-activity;sid:83665135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802036)"; flow:established,from_client; content:"GET"; http_method; content:"/tester/rak/gr/njx.txt"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"91.202.233.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802036/; classtype:trojan-activity;sid:83665136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802037)"; flow:established,from_client; content:"GET"; http_method; content:"/tester/rak/gr/zx2.txt"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"91.202.233.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802037/; classtype:trojan-activity;sid:83665137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2802038)"; flow:established,from_client; content:"GET"; http_method; content:"/tester/rak/gr/arrw.txt"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.202.233.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2802038/; classtype:trojan-activity;sid:83665138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801750)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1dc4iab_hlm_nomzlujetqj0bazv82w9u"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_05; reference:url, urlhaus.abuse.ch/url/2801750/; classtype:trojan-activity;sid:83664850; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801314)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.236.160.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_04; reference:url, urlhaus.abuse.ch/url/2801314/; classtype:trojan-activity;sid:83664414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801083)"; flow:established,from_client; content:"GET"; http_method; content:"/download/123p.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"5.42.66.10"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_04; reference:url, urlhaus.abuse.ch/url/2801083/; classtype:trojan-activity;sid:83664183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2801063)"; flow:established,from_client; content:"GET"; http_method; content:"/pidoras883/-/releases/download/huesos/ijerkoff.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_04; reference:url, urlhaus.abuse.ch/url/2801063/; classtype:trojan-activity;sid:83664163; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2800910)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1psjfkavxoi-3yv-87eskdpuwzjd5jomd"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_04; reference:url, urlhaus.abuse.ch/url/2800910/; classtype:trojan-activity;sid:83664010; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2800905)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1c-hjo0indwxg0dus_zg0f3jhtmgzcnen"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_04; reference:url, urlhaus.abuse.ch/url/2800905/; classtype:trojan-activity;sid:83664005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2800895)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1i33affjfkkztyuz_nusrz4jqs45gwzjs"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_04; reference:url, urlhaus.abuse.ch/url/2800895/; classtype:trojan-activity;sid:83663995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2800893)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1pssupirwdhnwaztrwz6_7dw9r4h_zau9"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_04; reference:url, urlhaus.abuse.ch/url/2800893/; classtype:trojan-activity;sid:83663993; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2800582)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"1.64.200.102"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_04; reference:url, urlhaus.abuse.ch/url/2800582/; classtype:trojan-activity;sid:83663682; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2800576)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"175.166.242.61"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_04; reference:url, urlhaus.abuse.ch/url/2800576/; classtype:trojan-activity;sid:83663676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2799475)"; flow:established,from_client; content:"GET"; http_method; content:"/download/th/getimage15.php"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"5.42.66.10"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_02; reference:url, urlhaus.abuse.ch/url/2799475/; classtype:trojan-activity;sid:83662575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2799388)"; flow:established,from_client; content:"GET"; http_method; content:"/download/th/getimage12.php"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"5.42.66.10"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_02; reference:url, urlhaus.abuse.ch/url/2799388/; classtype:trojan-activity;sid:83662488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2799358)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1dgpz0r0gcq6a-awmrjsfptkwrbozlhpx"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_02; reference:url, urlhaus.abuse.ch/url/2799358/; classtype:trojan-activity;sid:83662458; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2799349)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1b3zgfh-ofoq4nkifk7j0manbu5aqvhet"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_02; reference:url, urlhaus.abuse.ch/url/2799349/; classtype:trojan-activity;sid:83662449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2799337)"; flow:established,from_client; content:"GET"; http_method; content:"/install.ps1"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"r2.ohyoulookstupid.win"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_04_02; reference:url, urlhaus.abuse.ch/url/2799337/; classtype:trojan-activity;sid:83662437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2799286)"; flow:established,from_client; content:"GET"; http_method; content:"/download/th/getimage16.php"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"5.42.66.10"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_02; reference:url, urlhaus.abuse.ch/url/2799286/; classtype:trojan-activity;sid:83662386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2799270)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"207.189.221.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_02; reference:url, urlhaus.abuse.ch/url/2799270/; classtype:trojan-activity;sid:83662370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2799230)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1oe1ixppk9tdxfmairsjhsacdgh2litag"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_02; reference:url, urlhaus.abuse.ch/url/2799230/; classtype:trojan-activity;sid:83662330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2799205)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1dh3my7h6mtgih5btwmhre7gu6wkxw4ny"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_02; reference:url, urlhaus.abuse.ch/url/2799205/; classtype:trojan-activity;sid:83662305; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2799188)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1osqxhd1ncdyo-hhavradwbm9_itb2p49"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_02; reference:url, urlhaus.abuse.ch/url/2799188/; classtype:trojan-activity;sid:83662288; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2799183)"; flow:established,from_client; content:"GET"; http_method; content:"/download/th/space.php"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"5.42.66.10"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_02; reference:url, urlhaus.abuse.ch/url/2799183/; classtype:trojan-activity;sid:83662283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2799182)"; flow:established,from_client; content:"GET"; http_method; content:"/download/th/retail.php"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"5.42.66.10"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_02; reference:url, urlhaus.abuse.ch/url/2799182/; classtype:trojan-activity;sid:83662282; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2799142)"; flow:established,from_client; content:"GET"; http_method; content:"/ps"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"80.94.92.241"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_02; reference:url, urlhaus.abuse.ch/url/2799142/; classtype:trojan-activity;sid:83662242; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2798905)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"124.135.166.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_04_02; reference:url, urlhaus.abuse.ch/url/2798905/; classtype:trojan-activity;sid:83662005; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2798878)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"31.168.21.62"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_02; reference:url, urlhaus.abuse.ch/url/2798878/; classtype:trojan-activity;sid:83661978; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2798877)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.235.7.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_02; reference:url, urlhaus.abuse.ch/url/2798877/; classtype:trojan-activity;sid:83661977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2798785)"; flow:established,from_client; content:"GET"; http_method; content:"/curl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.209.41.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_02; reference:url, urlhaus.abuse.ch/url/2798785/; classtype:trojan-activity;sid:83661885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2798784)"; flow:established,from_client; content:"GET"; http_method; content:"/cron"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.209.41.236"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_02; reference:url, urlhaus.abuse.ch/url/2798784/; classtype:trojan-activity;sid:83661884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2798768)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"209.239.112.213"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_02; reference:url, urlhaus.abuse.ch/url/2798768/; classtype:trojan-activity;sid:83661868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2798698)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"59.55.124.181"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_04_02; reference:url, urlhaus.abuse.ch/url/2798698/; classtype:trojan-activity;sid:83661798; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2798646)"; flow:established,from_client; content:"GET"; http_method; content:"/d/f1e15b/locker.exe"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"file-drop.cc"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_04_02; reference:url, urlhaus.abuse.ch/url/2798646/; classtype:trojan-activity;sid:83661746; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2798339)"; flow:established,from_client; content:"GET"; http_method; content:"/batushka/inte.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"5.42.65.64"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_01; reference:url, urlhaus.abuse.ch/url/2798339/; classtype:trojan-activity;sid:83661439; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2798232)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1_gv_k0ynz9_n6h6n7bvistk9oi2njezj"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_04_01; reference:url, urlhaus.abuse.ch/url/2798232/; classtype:trojan-activity;sid:83661332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2798218)"; flow:established,from_client; content:"GET"; http_method; content:"/download.php|3f|pub=inte"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"5.42.65.64"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_04_01; reference:url, urlhaus.abuse.ch/url/2798218/; classtype:trojan-activity;sid:83661318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2797804)"; flow:established,from_client; content:"GET"; http_method; content:"/current.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"193.233.132.187"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_04_01; reference:url, urlhaus.abuse.ch/url/2797804/; classtype:trojan-activity;sid:83660904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2797140)"; flow:established,from_client; content:"GET"; http_method; content:"/cmd.10001.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"112.124.64.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_31; reference:url, urlhaus.abuse.ch/url/2797140/; classtype:trojan-activity;sid:83660240; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2796514)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"79.117.11.60"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_03_30; reference:url, urlhaus.abuse.ch/url/2796514/; classtype:trojan-activity;sid:83659614; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2795886)"; flow:established,from_client; content:"GET"; http_method; content:"/lummac2.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.172.128.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_29; reference:url, urlhaus.abuse.ch/url/2795886/; classtype:trojan-activity;sid:83658986; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2795504)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/letmatros.snp"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"dnvk1.info"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_03_29; reference:url, urlhaus.abuse.ch/url/2795504/; classtype:trojan-activity;sid:83658604; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2795467)"; flow:established,from_client; content:"GET"; http_method; content:"/scl/fi/oy8858iq8qolsts57wfbt/cheatrun.zip|3f|rlkey=dfm1xos8di7odkk5j9krzlo02|7c|26|7c|dl=0"; http_uri; depth:91; isdataat:!1,relative; nocase; content:"dl.dropboxusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_03_29; reference:url, urlhaus.abuse.ch/url/2795467/; classtype:trojan-activity;sid:83658567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2795397)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"64.66.18.79"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_29; reference:url, urlhaus.abuse.ch/url/2795397/; classtype:trojan-activity;sid:83658497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2795367)"; flow:established,from_client; content:"GET"; http_method; content:"/ghjk.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"marksidfgs.ug"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_29; reference:url, urlhaus.abuse.ch/url/2795367/; classtype:trojan-activity;sid:83658467; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2795037)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=171-yky-j89krighojrmmetm69vbmd5m4"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_28; reference:url, urlhaus.abuse.ch/url/2795037/; classtype:trojan-activity;sid:83658137; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2795034)"; flow:established,from_client; content:"GET"; http_method; content:"/gbdnjgeaqubpaxrmmse214.bin"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"adamkiddoo.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_28; reference:url, urlhaus.abuse.ch/url/2795034/; classtype:trojan-activity;sid:83658134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2794950)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"64.66.18.79"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_28; reference:url, urlhaus.abuse.ch/url/2794950/; classtype:trojan-activity;sid:83658050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2794831)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"158.255.82.220"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_28; reference:url, urlhaus.abuse.ch/url/2794831/; classtype:trojan-activity;sid:83657931; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2794641)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jew.sh4"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"15.204.223.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_28; reference:url, urlhaus.abuse.ch/url/2794641/; classtype:trojan-activity;sid:83657741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2794636)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jew.mips"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"15.204.223.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_28; reference:url, urlhaus.abuse.ch/url/2794636/; classtype:trojan-activity;sid:83657736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2794637)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jew.arm5"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"15.204.223.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_28; reference:url, urlhaus.abuse.ch/url/2794637/; classtype:trojan-activity;sid:83657737; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2794632)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jew.arm6"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"15.204.223.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_28; reference:url, urlhaus.abuse.ch/url/2794632/; classtype:trojan-activity;sid:83657732; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2794633)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jew.arm"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"15.204.223.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_28; reference:url, urlhaus.abuse.ch/url/2794633/; classtype:trojan-activity;sid:83657733; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2794634)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jew.x86"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"15.204.223.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_28; reference:url, urlhaus.abuse.ch/url/2794634/; classtype:trojan-activity;sid:83657734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2794635)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jew.arm7"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"15.204.223.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_28; reference:url, urlhaus.abuse.ch/url/2794635/; classtype:trojan-activity;sid:83657735; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2794628)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jew.mpsl"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"15.204.223.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_28; reference:url, urlhaus.abuse.ch/url/2794628/; classtype:trojan-activity;sid:83657728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2794629)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jew.spc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"15.204.223.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_28; reference:url, urlhaus.abuse.ch/url/2794629/; classtype:trojan-activity;sid:83657729; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2794630)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jew.m68k"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"15.204.223.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_28; reference:url, urlhaus.abuse.ch/url/2794630/; classtype:trojan-activity;sid:83657730; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2794631)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/jew.ppc"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"15.204.223.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_28; reference:url, urlhaus.abuse.ch/url/2794631/; classtype:trojan-activity;sid:83657731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2794625)"; flow:established,from_client; content:"GET"; http_method; content:"/static/pt.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"telegram.ninja"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_28; reference:url, urlhaus.abuse.ch/url/2794625/; classtype:trojan-activity;sid:83657725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2794608)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1pxkpd7y567c6qclfzar4gg7ozi-g8b40"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_28; reference:url, urlhaus.abuse.ch/url/2794608/; classtype:trojan-activity;sid:83657708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2794611)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1l-zoyasmfcwfa655dud7ekudjq3ywquk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_28; reference:url, urlhaus.abuse.ch/url/2794611/; classtype:trojan-activity;sid:83657711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2794606)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1smjsns4djerxm11i8rx6ldttpsynidio"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_28; reference:url, urlhaus.abuse.ch/url/2794606/; classtype:trojan-activity;sid:83657706; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2794563)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1uzj6rbkjyyfcvpddyaduabxfay7w4_9w"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_28; reference:url, urlhaus.abuse.ch/url/2794563/; classtype:trojan-activity;sid:83657663; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2794561)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1e641k5y0iib409bcxgsvfch2_kot2ox4"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_28; reference:url, urlhaus.abuse.ch/url/2794561/; classtype:trojan-activity;sid:83657661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2794559)"; flow:established,from_client; content:"GET"; http_method; content:"/server/ww12/appgate2103v01.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"193.233.132.175"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_03_28; reference:url, urlhaus.abuse.ch/url/2794559/; classtype:trojan-activity;sid:83657659; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2794529)"; flow:established,from_client; content:"GET"; http_method; content:"/dl/buildz.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"sdfjhuz.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_28; reference:url, urlhaus.abuse.ch/url/2794529/; classtype:trojan-activity;sid:83657629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2793804)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1bgnvdwftmltq_qrgwmaqql5u5qt0pvyb"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_27; reference:url, urlhaus.abuse.ch/url/2793804/; classtype:trojan-activity;sid:83656904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2793641)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1t36pjqs33b0q_k78zbmxjrlbrzkssrbu"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_27; reference:url, urlhaus.abuse.ch/url/2793641/; classtype:trojan-activity;sid:83656741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2793611)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1x6cd0z6l79ciefoo627uiws_6yscm_xn"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_27; reference:url, urlhaus.abuse.ch/url/2793611/; classtype:trojan-activity;sid:83656711; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2793607)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1yh5og8eg83ra9cu_6qfdqci_zxlknotl"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_27; reference:url, urlhaus.abuse.ch/url/2793607/; classtype:trojan-activity;sid:83656707; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2793601)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1zagmuvra37yqn_pzyjur7q_gv8el4l5-"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_27; reference:url, urlhaus.abuse.ch/url/2793601/; classtype:trojan-activity;sid:83656701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2793603)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1qxwff0k49bjdhwzotirkvqlqhebzgphg"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_27; reference:url, urlhaus.abuse.ch/url/2793603/; classtype:trojan-activity;sid:83656703; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2793294)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"2.55.98.253"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_26; reference:url, urlhaus.abuse.ch/url/2793294/; classtype:trojan-activity;sid:83656394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2793285)"; flow:established,from_client; content:"GET"; http_method; content:"/assumendaipsam/point.exe"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"ingatecsus.com.br"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_03_26; reference:url, urlhaus.abuse.ch/url/2793285/; classtype:trojan-activity;sid:83656385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2793274)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"2.55.98.253"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_26; reference:url, urlhaus.abuse.ch/url/2793274/; classtype:trojan-activity;sid:83656374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2793233)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/aofsqfmb7s"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"textbin.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_26; reference:url, urlhaus.abuse.ch/url/2793233/; classtype:trojan-activity;sid:83656333; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2792876)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"65.51.229.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_26; reference:url, urlhaus.abuse.ch/url/2792876/; classtype:trojan-activity;sid:83655976; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2792844)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"65.51.229.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_26; reference:url, urlhaus.abuse.ch/url/2792844/; classtype:trojan-activity;sid:83655944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2792800)"; flow:established,from_client; content:"GET"; http_method; content:"/images/004/760/044/original/new_image.jpg"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_03_26; reference:url, urlhaus.abuse.ch/url/2792800/; classtype:trojan-activity;sid:83655900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2792798)"; flow:established,from_client; content:"GET"; http_method; content:"/images/004/760/043/full/new_image.jpg"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_03_26; reference:url, urlhaus.abuse.ch/url/2792798/; classtype:trojan-activity;sid:83655898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2792751)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.105.159.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_26; reference:url, urlhaus.abuse.ch/url/2792751/; classtype:trojan-activity;sid:83655851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2792575)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"66.54.98.88"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_25; reference:url, urlhaus.abuse.ch/url/2792575/; classtype:trojan-activity;sid:83655675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2792395)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/kioway.smi"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"dnvk1.info"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_03_25; reference:url, urlhaus.abuse.ch/url/2792395/; classtype:trojan-activity;sid:83655495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2792394)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/wlbkszoxpvyovh65.bin"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"dnvk1.info"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_03_25; reference:url, urlhaus.abuse.ch/url/2792394/; classtype:trojan-activity;sid:83655494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2792390)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1jtfjt2ttvt9mvnkr1xnsxojssean4xry"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_25; reference:url, urlhaus.abuse.ch/url/2792390/; classtype:trojan-activity;sid:83655490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2792389)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ocskyx0o84gmgc9vx3yvmc9r2ryopsv9"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_25; reference:url, urlhaus.abuse.ch/url/2792389/; classtype:trojan-activity;sid:83655489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2792380)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1dxtyrb2uhdzfoecvsdnkpnkpr9lgejmn"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_25; reference:url, urlhaus.abuse.ch/url/2792380/; classtype:trojan-activity;sid:83655480; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2792379)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1igdsbvkvctvgsjry1rmeojotnl9jbzsm"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_25; reference:url, urlhaus.abuse.ch/url/2792379/; classtype:trojan-activity;sid:83655479; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2792375)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1p5myromjprou5-vehst_hpzb7pbwagjw"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_25; reference:url, urlhaus.abuse.ch/url/2792375/; classtype:trojan-activity;sid:83655475; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2791887)"; flow:established,from_client; content:"GET"; http_method; content:"/wr.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"92.60.39.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_25; reference:url, urlhaus.abuse.ch/url/2791887/; classtype:trojan-activity;sid:83654987; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2791800)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.81.108.33"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_03_25; reference:url, urlhaus.abuse.ch/url/2791800/; classtype:trojan-activity;sid:83654900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2790708)"; flow:established,from_client; content:"GET"; http_method; content:"/condi.mips"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"103.116.52.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_23; reference:url, urlhaus.abuse.ch/url/2790708/; classtype:trojan-activity;sid:83653808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2790703)"; flow:established,from_client; content:"GET"; http_method; content:"/x86"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"167.86.68.78"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_03_23; reference:url, urlhaus.abuse.ch/url/2790703/; classtype:trojan-activity;sid:83653803; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2790578)"; flow:established,from_client; content:"GET"; http_method; content:"/.index/scan.tar"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"58.216.207.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_23; reference:url, urlhaus.abuse.ch/url/2790578/; classtype:trojan-activity;sid:83653678; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2790577)"; flow:established,from_client; content:"GET"; http_method; content:"/ldr.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"92.60.39.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_23; reference:url, urlhaus.abuse.ch/url/2790577/; classtype:trojan-activity;sid:83653677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2790576)"; flow:established,from_client; content:"GET"; http_method; content:"/cron"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"92.60.39.76"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_23; reference:url, urlhaus.abuse.ch/url/2790576/; classtype:trojan-activity;sid:83653676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2790529)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1v3jbapne_tx5mxdrzl6653nhp0vavggc"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_03_23; reference:url, urlhaus.abuse.ch/url/2790529/; classtype:trojan-activity;sid:83653629; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2790532)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1rvq8pgkasyh7eicu7wn2_qp6isv2y2wf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_03_23; reference:url, urlhaus.abuse.ch/url/2790532/; classtype:trojan-activity;sid:83653632; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2790513)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1m1lfr5wjwb9drg6ei-ycwhailqyfrwni"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_03_23; reference:url, urlhaus.abuse.ch/url/2790513/; classtype:trojan-activity;sid:83653613; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2790512)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|id=1xoop133uf_qyhg-61tr5l1domkwkn0j5|7c|26|7c|export=download|7c|26|7c|authuser=0"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_23; reference:url, urlhaus.abuse.ch/url/2790512/; classtype:trojan-activity;sid:83653612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2790510)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=18x-_ydaarhwgayekdpgl9e53aixtkfp-"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_23; reference:url, urlhaus.abuse.ch/url/2790510/; classtype:trojan-activity;sid:83653610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2790507)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|id=1q5cjdgzphbzwuklpcb-lvnv88rrbfve_|7c|26|7c|export=download|7c|26|7c|authuser=0"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_23; reference:url, urlhaus.abuse.ch/url/2790507/; classtype:trojan-activity;sid:83653607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2790074)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/7mifuctejb"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"textbin.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_22; reference:url, urlhaus.abuse.ch/url/2790074/; classtype:trojan-activity;sid:83653174; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2789957)"; flow:established,from_client; content:"GET"; http_method; content:"/gretmeet/nbc938sdu42/raw/main/test.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_03_22; reference:url, urlhaus.abuse.ch/url/2789957/; classtype:trojan-activity;sid:83653057; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2789955)"; flow:established,from_client; content:"GET"; http_method; content:"/incoper887/tua/raw/main/build.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_03_22; reference:url, urlhaus.abuse.ch/url/2789955/; classtype:trojan-activity;sid:83653055; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2789941)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/hovi2pkz3f"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"textbin.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_22; reference:url, urlhaus.abuse.ch/url/2789941/; classtype:trojan-activity;sid:83653041; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2789734)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ugl_xjshxerwwbal1fatflznekorqco5"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_22; reference:url, urlhaus.abuse.ch/url/2789734/; classtype:trojan-activity;sid:83652834; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2789399)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"221.230.38.202"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_21; reference:url, urlhaus.abuse.ch/url/2789399/; classtype:trojan-activity;sid:83652499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2789388)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.235.7.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_21; reference:url, urlhaus.abuse.ch/url/2789388/; classtype:trojan-activity;sid:83652488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2789148)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1unbor4j4mhhegxtmwsiszyjbgpmq_tl_"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_21; reference:url, urlhaus.abuse.ch/url/2789148/; classtype:trojan-activity;sid:83652248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2788866)"; flow:established,from_client; content:"GET"; http_method; content:"/bash"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"198.55.111.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_03_21; reference:url, urlhaus.abuse.ch/url/2788866/; classtype:trojan-activity;sid:83651966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2788863)"; flow:established,from_client; content:"GET"; http_method; content:"/ftp"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"109.74.12.246"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_21; reference:url, urlhaus.abuse.ch/url/2788863/; classtype:trojan-activity;sid:83651963; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2788832)"; flow:established,from_client; content:"GET"; http_method; content:"/288c47bbc1871b439df19ff4df68f000766.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"185.172.128.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_21; reference:url, urlhaus.abuse.ch/url/2788832/; classtype:trojan-activity;sid:83651932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2788365)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"173.255.238.129"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_03_21; reference:url, urlhaus.abuse.ch/url/2788365/; classtype:trojan-activity;sid:83651465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2788285)"; flow:established,from_client; content:"GET"; http_method; content:"/isetup10.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.172.128.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_21; reference:url, urlhaus.abuse.ch/url/2788285/; classtype:trojan-activity;sid:83651385; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2787791)"; flow:established,from_client; content:"GET"; http_method; content:"/ykwsyyt/help/hddrive1095_xinanplug3030_20230619_inno.exe"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"60.22.23.50"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_20; reference:url, urlhaus.abuse.ch/url/2787791/; classtype:trojan-activity;sid:83650891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2787790)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"65.51.229.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_20; reference:url, urlhaus.abuse.ch/url/2787790/; classtype:trojan-activity;sid:83650890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2787775)"; flow:established,from_client; content:"GET"; http_method; content:"/rar.jpg"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"51.38.95.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_03_20; reference:url, urlhaus.abuse.ch/url/2787775/; classtype:trojan-activity;sid:83650875; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2787774)"; flow:established,from_client; content:"GET"; http_method; content:"/345gdjxc.txt"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"51.38.95.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_03_20; reference:url, urlhaus.abuse.ch/url/2787774/; classtype:trojan-activity;sid:83650874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2787773)"; flow:established,from_client; content:"GET"; http_method; content:"/hosam.rar"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"51.38.95.108"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_03_20; reference:url, urlhaus.abuse.ch/url/2787773/; classtype:trojan-activity;sid:83650873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2787397)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1hditwve1kadzeycbldxttxi4mmhddgyp"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_20; reference:url, urlhaus.abuse.ch/url/2787397/; classtype:trojan-activity;sid:83650497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2787186)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"109.235.7.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2787186/; classtype:trojan-activity;sid:83650286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2787172)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"109.235.7.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2787172/; classtype:trojan-activity;sid:83650272; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2787027)"; flow:established,from_client; content:"GET"; http_method; content:"/goahead"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"94.205.212.138"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2787027/; classtype:trojan-activity;sid:83650127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2787024)"; flow:established,from_client; content:"GET"; http_method; content:"/bash"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"65.49.44.84"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2787024/; classtype:trojan-activity;sid:83650124; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2787025)"; flow:established,from_client; content:"GET"; http_method; content:"/bash"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"201.249.174.166"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2787025/; classtype:trojan-activity;sid:83650125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2787026)"; flow:established,from_client; content:"GET"; http_method; content:"/bash"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"104.223.90.5"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2787026/; classtype:trojan-activity;sid:83650126; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2787023)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"212.113.35.236"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2787023/; classtype:trojan-activity;sid:83650123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786866)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1udpahhkabfdjz32b558xh_lwxs0snowc"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786866/; classtype:trojan-activity;sid:83649966; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786838)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"78.70.203.243"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786838/; classtype:trojan-activity;sid:83649938; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786829)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1re9cqjrafya6wcb5e0zcolwdorvsf9pi"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786829/; classtype:trojan-activity;sid:83649929; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786674)"; flow:established,from_client; content:"GET"; http_method; content:"/ftp"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"47.101.206.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786674/; classtype:trojan-activity;sid:83649774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786672)"; flow:established,from_client; content:"GET"; http_method; content:"/bash"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"83.96.147.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786672/; classtype:trojan-activity;sid:83649772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786665)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"46.44.203.207"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786665/; classtype:trojan-activity;sid:83649765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786663)"; flow:established,from_client; content:"GET"; http_method; content:"/washywashy14/7zip-bin/master/win/er5thygfd.zip"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786663/; classtype:trojan-activity;sid:83649763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786661)"; flow:established,from_client; content:"GET"; http_method; content:"/washywashy14/7zip-bin/master/win/uemlxaw.zip"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786661/; classtype:trojan-activity;sid:83649761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786660)"; flow:established,from_client; content:"GET"; http_method; content:"/tftp"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"61.43.116.247"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786660/; classtype:trojan-activity;sid:83649760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786659)"; flow:established,from_client; content:"GET"; http_method; content:"/sshd"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"117.202.0.14"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786659/; classtype:trojan-activity;sid:83649759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786649)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"2.42.168.99"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786649/; classtype:trojan-activity;sid:83649749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786651)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"2.187.19.156"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_03_19; reference:url, urlhaus.abuse.ch/url/2786651/; classtype:trojan-activity;sid:83649751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786332)"; flow:established,from_client; content:"GET"; http_method; content:"/exploit.class"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"39.98.107.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_18; reference:url, urlhaus.abuse.ch/url/2786332/; classtype:trojan-activity;sid:83649432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786333)"; flow:established,from_client; content:"GET"; http_method; content:"/run.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.98.107.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_18; reference:url, urlhaus.abuse.ch/url/2786333/; classtype:trojan-activity;sid:83649433; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786326)"; flow:established,from_client; content:"GET"; http_method; content:"/jndi-injection-exploit-1.0-snapshot-all.jar"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"47.97.18.56"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_18; reference:url, urlhaus.abuse.ch/url/2786326/; classtype:trojan-activity;sid:83649426; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786325)"; flow:established,from_client; content:"GET"; http_method; content:"/exploit.java"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"47.97.18.56"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_18; reference:url, urlhaus.abuse.ch/url/2786325/; classtype:trojan-activity;sid:83649425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786322)"; flow:established,from_client; content:"GET"; http_method; content:"/jndi_injection_exploit%20.py"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"47.97.18.56"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_18; reference:url, urlhaus.abuse.ch/url/2786322/; classtype:trojan-activity;sid:83649422; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786323)"; flow:established,from_client; content:"GET"; http_method; content:"/jndi_marshalsec.py"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"47.97.18.56"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_18; reference:url, urlhaus.abuse.ch/url/2786323/; classtype:trojan-activity;sid:83649423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2786048)"; flow:established,from_client; content:"GET"; http_method; content:"/dl/build.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"sdfjhuz.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_03_18; reference:url, urlhaus.abuse.ch/url/2786048/; classtype:trojan-activity;sid:83649148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2785768)"; flow:established,from_client; content:"GET"; http_method; content:"/zev3n/ubuntu-gnome-privilege-escalation/main/cve-2020-1612%5b6_7%5d_exploit.sh"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_03_18; reference:url, urlhaus.abuse.ch/url/2785768/; classtype:trojan-activity;sid:83648868; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2785751)"; flow:established,from_client; content:"GET"; http_method; content:"/wtk/ckeditor/skins/.s/strscan.tgz"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"62.21.103.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_18; reference:url, urlhaus.abuse.ch/url/2785751/; classtype:trojan-activity;sid:83648851; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2785466)"; flow:established,from_client; content:"GET"; http_method; content:"/licensing/deployment/yellow%20pages%20scraper.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"www.blackhattoolz.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_03_18; reference:url, urlhaus.abuse.ch/url/2785466/; classtype:trojan-activity;sid:83648566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2785447)"; flow:established,from_client; content:"GET"; http_method; content:"/licensing/updates/tinder%20bot.exe"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"www.blackhattoolz.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_03_18; reference:url, urlhaus.abuse.ch/url/2785447/; classtype:trojan-activity;sid:83648547; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2785443)"; flow:established,from_client; content:"GET"; http_method; content:"/licensing/updates/tweeter%20traffic.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"blackhattoolz.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_03_18; reference:url, urlhaus.abuse.ch/url/2785443/; classtype:trojan-activity;sid:83648543; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2785444)"; flow:established,from_client; content:"GET"; http_method; content:"/licensing/updates/tweeter%20traffic.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"www.blackhattoolz.com"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2024_03_18; reference:url, urlhaus.abuse.ch/url/2785444/; classtype:trojan-activity;sid:83648544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2785441)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.113.68.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_18; reference:url, urlhaus.abuse.ch/url/2785441/; classtype:trojan-activity;sid:83648541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2785235)"; flow:established,from_client; content:"GET"; http_method; content:"/ransomware.wannacry_plus.zip"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"14.224.174.212"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_17; reference:url, urlhaus.abuse.ch/url/2785235/; classtype:trojan-activity;sid:83648335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2785170)"; flow:established,from_client; content:"GET"; http_method; content:"/includes/modelingtextbooks.exe"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"www.osijek1862.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_03_17; reference:url, urlhaus.abuse.ch/url/2785170/; classtype:trojan-activity;sid:83648270; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2784476)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"158.255.82.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_16; reference:url, urlhaus.abuse.ch/url/2784476/; classtype:trojan-activity;sid:83647576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2784284)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.236.160.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_16; reference:url, urlhaus.abuse.ch/url/2784284/; classtype:trojan-activity;sid:83647384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2784066)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"158.255.82.162"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_15; reference:url, urlhaus.abuse.ch/url/2784066/; classtype:trojan-activity;sid:83647166; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2783817)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"158.255.82.245"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_15; reference:url, urlhaus.abuse.ch/url/2783817/; classtype:trojan-activity;sid:83646917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2783294)"; flow:established,from_client; content:"GET"; http_method; content:"/d/test"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"20.205.11.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_15; reference:url, urlhaus.abuse.ch/url/2783294/; classtype:trojan-activity;sid:83646394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2782942)"; flow:established,from_client; content:"GET"; http_method; content:"/tgc/wegame/miniloader/wegameminiloader.std.5.12.21.1022.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"dldir1.qq.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_14; reference:url, urlhaus.abuse.ch/url/2782942/; classtype:trojan-activity;sid:83646042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2782882)"; flow:established,from_client; content:"GET"; http_method; content:"/driveapplet.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"noithaticon.vn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_14; reference:url, urlhaus.abuse.ch/url/2782882/; classtype:trojan-activity;sid:83645982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2782434)"; flow:established,from_client; content:"GET"; http_method; content:"/17c4755d1d45ed1bb454/8703634058188758823"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"f24-zfcloud.zdn.vn"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_03_13; reference:url, urlhaus.abuse.ch/url/2782434/; classtype:trojan-activity;sid:83645534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2782286)"; flow:established,from_client; content:"GET"; http_method; content:"/files/1cbzrekgr3qfqlniab3cpysqnzafff|3f|content_disposition=attachment|7c|3b|7c|filename=%22upload_20240311-130634.zip"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"public.adobecc.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2024_03_13; reference:url, urlhaus.abuse.ch/url/2782286/; classtype:trojan-activity;sid:83645386; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2782202)"; flow:established,from_client; content:"GET"; http_method; content:"/images/004/751/142/original/new_image.jpg"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_03_13; reference:url, urlhaus.abuse.ch/url/2782202/; classtype:trojan-activity;sid:83645302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2782125)"; flow:established,from_client; content:"GET"; http_method; content:"/9f244f7bc6ab2605/nss3.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"147.45.47.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_03_13; reference:url, urlhaus.abuse.ch/url/2782125/; classtype:trojan-activity;sid:83645225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2782121)"; flow:established,from_client; content:"GET"; http_method; content:"/9f244f7bc6ab2605/vcruntime140.dll"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"147.45.47.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_03_13; reference:url, urlhaus.abuse.ch/url/2782121/; classtype:trojan-activity;sid:83645221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2782122)"; flow:established,from_client; content:"GET"; http_method; content:"/9f244f7bc6ab2605/freebl3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"147.45.47.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_03_13; reference:url, urlhaus.abuse.ch/url/2782122/; classtype:trojan-activity;sid:83645222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2782123)"; flow:established,from_client; content:"GET"; http_method; content:"/9f244f7bc6ab2605/sqlite3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"147.45.47.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_03_13; reference:url, urlhaus.abuse.ch/url/2782123/; classtype:trojan-activity;sid:83645223; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2782124)"; flow:established,from_client; content:"GET"; http_method; content:"/9f244f7bc6ab2605/mozglue.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"147.45.47.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_03_13; reference:url, urlhaus.abuse.ch/url/2782124/; classtype:trojan-activity;sid:83645224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2782119)"; flow:established,from_client; content:"GET"; http_method; content:"/9f244f7bc6ab2605/softokn3.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"147.45.47.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_03_13; reference:url, urlhaus.abuse.ch/url/2782119/; classtype:trojan-activity;sid:83645219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2782120)"; flow:established,from_client; content:"GET"; http_method; content:"/9f244f7bc6ab2605/msvcp140.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"147.45.47.71"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_03_13; reference:url, urlhaus.abuse.ch/url/2782120/; classtype:trojan-activity;sid:83645220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2782097)"; flow:established,from_client; content:"GET"; http_method; content:"/bin"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.172.128.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_03_13; reference:url, urlhaus.abuse.ch/url/2782097/; classtype:trojan-activity;sid:83645197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2781666)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"27.220.11.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_13; reference:url, urlhaus.abuse.ch/url/2781666/; classtype:trojan-activity;sid:83644766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2781373)"; flow:established,from_client; content:"GET"; http_method; content:"/amad.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.172.128.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_03_12; reference:url, urlhaus.abuse.ch/url/2781373/; classtype:trojan-activity;sid:83644473; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2780572)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.172.128.146"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_03_12; reference:url, urlhaus.abuse.ch/url/2780572/; classtype:trojan-activity;sid:83643672; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2780271)"; flow:established,from_client; content:"GET"; http_method; content:"/images/004/753/713/original/new_image.jpg"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_03_11; reference:url, urlhaus.abuse.ch/url/2780271/; classtype:trojan-activity;sid:83643371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2780261)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"85.72.39.196"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_03_11; reference:url, urlhaus.abuse.ch/url/2780261/; classtype:trojan-activity;sid:83643361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2780255)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"oys0ro.static.otenet.gr"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_03_11; reference:url, urlhaus.abuse.ch/url/2780255/; classtype:trojan-activity;sid:83643355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2779108)"; flow:established,from_client; content:"GET"; http_method; content:"/288c47bbc1871b439df19ff4df68f00076.exe"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"185.172.128.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_10; reference:url, urlhaus.abuse.ch/url/2779108/; classtype:trojan-activity;sid:83642208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2777942)"; flow:established,from_client; content:"GET"; http_method; content:"/11"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_08; reference:url, urlhaus.abuse.ch/url/2777942/; classtype:trojan-activity;sid:83641042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2777824)"; flow:established,from_client; content:"GET"; http_method; content:"/m.py"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"193.93.248.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_08; reference:url, urlhaus.abuse.ch/url/2777824/; classtype:trojan-activity;sid:83640924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2777823)"; flow:established,from_client; content:"GET"; http_method; content:"/p"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.93.248.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_08; reference:url, urlhaus.abuse.ch/url/2777823/; classtype:trojan-activity;sid:83640923; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2777822)"; flow:established,from_client; content:"GET"; http_method; content:"/d"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"193.93.248.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_08; reference:url, urlhaus.abuse.ch/url/2777822/; classtype:trojan-activity;sid:83640922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2777441)"; flow:established,from_client; content:"GET"; http_method; content:"/greenpackage.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"bitkiselurunsiparis.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2024_03_07; reference:url, urlhaus.abuse.ch/url/2777441/; classtype:trojan-activity;sid:83640541; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2777424)"; flow:established,from_client; content:"GET"; http_method; content:"/images/004/751/142/original/new_image.jpg|3f|1709551130"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_03_07; reference:url, urlhaus.abuse.ch/url/2777424/; classtype:trojan-activity;sid:83640524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2776841)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.229.174.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_06; reference:url, urlhaus.abuse.ch/url/2776841/; classtype:trojan-activity;sid:83639941; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2776125)"; flow:established,from_client; content:"GET"; http_method; content:"/junlionserto/dfgdbfgndbdsfbhry/raw/main/momsstiflersdgjboigfnbio.exe"; http_uri; depth:69; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_03_05; reference:url, urlhaus.abuse.ch/url/2776125/; classtype:trojan-activity;sid:83639225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2776124)"; flow:established,from_client; content:"GET"; http_method; content:"/junlionserto/dfbhdfioughfdsiu/raw/main/poolsdnkjfdbndklsnfgb.exe"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_03_05; reference:url, urlhaus.abuse.ch/url/2776124/; classtype:trojan-activity;sid:83639224; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2776111)"; flow:established,from_client; content:"GET"; http_method; content:"/update/cheat.dll"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"103.183.113.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_05; reference:url, urlhaus.abuse.ch/url/2776111/; classtype:trojan-activity;sid:83639211; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2776110)"; flow:established,from_client; content:"GET"; http_method; content:"/update/main.dll"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"103.183.113.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_05; reference:url, urlhaus.abuse.ch/url/2776110/; classtype:trojan-activity;sid:83639210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2776109)"; flow:established,from_client; content:"GET"; http_method; content:"/update/zverify.dll"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"103.183.113.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_05; reference:url, urlhaus.abuse.ch/url/2776109/; classtype:trojan-activity;sid:83639209; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2776108)"; flow:established,from_client; content:"GET"; http_method; content:"/update/mhpverify.dll"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"103.183.113.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_05; reference:url, urlhaus.abuse.ch/url/2776108/; classtype:trojan-activity;sid:83639208; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2776051)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.arm"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"20.205.11.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_04; reference:url, urlhaus.abuse.ch/url/2776051/; classtype:trojan-activity;sid:83639151; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2776052)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.arm7"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"20.205.11.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_04; reference:url, urlhaus.abuse.ch/url/2776052/; classtype:trojan-activity;sid:83639152; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2776053)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.mips64"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"20.205.11.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_04; reference:url, urlhaus.abuse.ch/url/2776053/; classtype:trojan-activity;sid:83639153; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2776054)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.arm5"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"20.205.11.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_04; reference:url, urlhaus.abuse.ch/url/2776054/; classtype:trojan-activity;sid:83639154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2776055)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.mips"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"20.205.11.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_04; reference:url, urlhaus.abuse.ch/url/2776055/; classtype:trojan-activity;sid:83639155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2776060)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.arm6"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"20.205.11.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_04; reference:url, urlhaus.abuse.ch/url/2776060/; classtype:trojan-activity;sid:83639160; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2776044)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.x86"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"20.205.11.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_04; reference:url, urlhaus.abuse.ch/url/2776044/; classtype:trojan-activity;sid:83639144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2776045)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.m68k"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"20.205.11.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_04; reference:url, urlhaus.abuse.ch/url/2776045/; classtype:trojan-activity;sid:83639145; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2776046)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.ppc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"20.205.11.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_04; reference:url, urlhaus.abuse.ch/url/2776046/; classtype:trojan-activity;sid:83639146; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2776049)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.sh4"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"20.205.11.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_04; reference:url, urlhaus.abuse.ch/url/2776049/; classtype:trojan-activity;sid:83639149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2776050)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.spc"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"20.205.11.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_04; reference:url, urlhaus.abuse.ch/url/2776050/; classtype:trojan-activity;sid:83639150; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2776042)"; flow:established,from_client; content:"GET"; http_method; content:"/d/xd.mpsl"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"20.205.11.156"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_03_04; reference:url, urlhaus.abuse.ch/url/2776042/; classtype:trojan-activity;sid:83639142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2775708)"; flow:established,from_client; content:"GET"; http_method; content:"/condi.arm5"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"103.116.52.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_04; reference:url, urlhaus.abuse.ch/url/2775708/; classtype:trojan-activity;sid:83638808; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2775709)"; flow:established,from_client; content:"GET"; http_method; content:"/condi.m68k"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"103.116.52.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_04; reference:url, urlhaus.abuse.ch/url/2775709/; classtype:trojan-activity;sid:83638809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2775710)"; flow:established,from_client; content:"GET"; http_method; content:"/condi.arm6"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"103.116.52.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_04; reference:url, urlhaus.abuse.ch/url/2775710/; classtype:trojan-activity;sid:83638810; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2775711)"; flow:established,from_client; content:"GET"; http_method; content:"/condi.arm"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.116.52.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_04; reference:url, urlhaus.abuse.ch/url/2775711/; classtype:trojan-activity;sid:83638811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2775712)"; flow:established,from_client; content:"GET"; http_method; content:"/condi.arm7"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"103.116.52.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_04; reference:url, urlhaus.abuse.ch/url/2775712/; classtype:trojan-activity;sid:83638812; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2775713)"; flow:established,from_client; content:"GET"; http_method; content:"/condi.x86_64"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"103.116.52.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_04; reference:url, urlhaus.abuse.ch/url/2775713/; classtype:trojan-activity;sid:83638813; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2775707)"; flow:established,from_client; content:"GET"; http_method; content:"/condi.mpsl"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"103.116.52.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_04; reference:url, urlhaus.abuse.ch/url/2775707/; classtype:trojan-activity;sid:83638807; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2775704)"; flow:established,from_client; content:"GET"; http_method; content:"/condi.x86"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.116.52.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_04; reference:url, urlhaus.abuse.ch/url/2775704/; classtype:trojan-activity;sid:83638804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2775705)"; flow:established,from_client; content:"GET"; http_method; content:"/condi.ppc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.116.52.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_04; reference:url, urlhaus.abuse.ch/url/2775705/; classtype:trojan-activity;sid:83638805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2775706)"; flow:established,from_client; content:"GET"; http_method; content:"/condi.sh4"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"103.116.52.207"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_04; reference:url, urlhaus.abuse.ch/url/2775706/; classtype:trojan-activity;sid:83638806; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2775568)"; flow:established,from_client; content:"GET"; http_method; content:"/fwefwe324234234rgeffwehtrwyrhtrhtqwfqwd31443wefefwwfer3232fewwefwefwefqgrqwtherergqefwefqweqfwqf32fefwsda/uploads/stlc"; http_uri; depth:119; isdataat:!1,relative; nocase; content:"licocojambamarketplace.com"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2024_03_04; reference:url, urlhaus.abuse.ch/url/2775568/; classtype:trojan-activity;sid:83638668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2775377)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"45.229.174.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_04; reference:url, urlhaus.abuse.ch/url/2775377/; classtype:trojan-activity;sid:83638477; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2775218)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.229.174.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_03; reference:url, urlhaus.abuse.ch/url/2775218/; classtype:trojan-activity;sid:83638318; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2774521)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.229.174.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_02; reference:url, urlhaus.abuse.ch/url/2774521/; classtype:trojan-activity;sid:83637621; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2773880)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"45.229.174.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_02; reference:url, urlhaus.abuse.ch/url/2773880/; classtype:trojan-activity;sid:83636980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2773685)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"162.219.216.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_03_01; reference:url, urlhaus.abuse.ch/url/2773685/; classtype:trojan-activity;sid:83636785; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2773397)"; flow:established,from_client; content:"GET"; http_method; content:"/d21cbe21e38b385a41a68c5e6dd32f4c.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"185.172.128.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_03_01; reference:url, urlhaus.abuse.ch/url/2773397/; classtype:trojan-activity;sid:83636497; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2773332)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"79.127.92.80"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_03_01; reference:url, urlhaus.abuse.ch/url/2773332/; classtype:trojan-activity;sid:83636432; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2772697)"; flow:established,from_client; content:"GET"; http_method; content:"/docs/x.rar"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"106.254.250.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_29; reference:url, urlhaus.abuse.ch/url/2772697/; classtype:trojan-activity;sid:83635797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2772689)"; flow:established,from_client; content:"GET"; http_method; content:"/docs/met111.sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"106.254.250.98"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_29; reference:url, urlhaus.abuse.ch/url/2772689/; classtype:trojan-activity;sid:83635789; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2772612)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"162.219.216.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_02_29; reference:url, urlhaus.abuse.ch/url/2772612/; classtype:trojan-activity;sid:83635712; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2772590)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"162.219.216.183"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_02_29; reference:url, urlhaus.abuse.ch/url/2772590/; classtype:trojan-activity;sid:83635690; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2772424)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/yeuifgx7ja"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"textbin.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_02_28; reference:url, urlhaus.abuse.ch/url/2772424/; classtype:trojan-activity;sid:83635524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2772425)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/pbuzwq44g7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"textbin.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_02_28; reference:url, urlhaus.abuse.ch/url/2772425/; classtype:trojan-activity;sid:83635525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2770362)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"24.121.20.254"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_25; reference:url, urlhaus.abuse.ch/url/2770362/; classtype:trojan-activity;sid:83633462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2769618)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.169.197.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_24; reference:url, urlhaus.abuse.ch/url/2769618/; classtype:trojan-activity;sid:83632718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2769194)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"75.183.98.139"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_24; reference:url, urlhaus.abuse.ch/url/2769194/; classtype:trojan-activity;sid:83632294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2769195)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"216.188.216.17"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_24; reference:url, urlhaus.abuse.ch/url/2769195/; classtype:trojan-activity;sid:83632295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2769196)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"209.42.55.230"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_24; reference:url, urlhaus.abuse.ch/url/2769196/; classtype:trojan-activity;sid:83632296; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2769198)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"66.198.199.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_24; reference:url, urlhaus.abuse.ch/url/2769198/; classtype:trojan-activity;sid:83632298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2769199)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"162.194.8.169"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_24; reference:url, urlhaus.abuse.ch/url/2769199/; classtype:trojan-activity;sid:83632299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2769192)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"199.114.228.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_24; reference:url, urlhaus.abuse.ch/url/2769192/; classtype:trojan-activity;sid:83632292; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2769186)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"24.153.218.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_24; reference:url, urlhaus.abuse.ch/url/2769186/; classtype:trojan-activity;sid:83632286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2769181)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"162.199.220.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_24; reference:url, urlhaus.abuse.ch/url/2769181/; classtype:trojan-activity;sid:83632281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2769173)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"67.78.106.23"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_02_24; reference:url, urlhaus.abuse.ch/url/2769173/; classtype:trojan-activity;sid:83632273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2769164)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"64.64.152.242"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_24; reference:url, urlhaus.abuse.ch/url/2769164/; classtype:trojan-activity;sid:83632264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2769165)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"64.140.100.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_24; reference:url, urlhaus.abuse.ch/url/2769165/; classtype:trojan-activity;sid:83632265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2769166)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"65.132.139.90"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_24; reference:url, urlhaus.abuse.ch/url/2769166/; classtype:trojan-activity;sid:83632266; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2769159)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"108.190.56.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_24; reference:url, urlhaus.abuse.ch/url/2769159/; classtype:trojan-activity;sid:83632259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2769161)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"73.36.136.53"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_02_24; reference:url, urlhaus.abuse.ch/url/2769161/; classtype:trojan-activity;sid:83632261; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2769162)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"216.183.54.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_24; reference:url, urlhaus.abuse.ch/url/2769162/; classtype:trojan-activity;sid:83632262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2769150)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"68.230.16.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_24; reference:url, urlhaus.abuse.ch/url/2769150/; classtype:trojan-activity;sid:83632250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2769015)"; flow:established,from_client; content:"GET"; http_method; content:"/calendar/down/jeditor/jeditor.exe"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"www.ojang.pe.kr"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_02_24; reference:url, urlhaus.abuse.ch/url/2769015/; classtype:trojan-activity;sid:83632115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2767640)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"95.169.197.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_22; reference:url, urlhaus.abuse.ch/url/2767640/; classtype:trojan-activity;sid:83630740; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2767634)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.169.197.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_22; reference:url, urlhaus.abuse.ch/url/2767634/; classtype:trojan-activity;sid:83630734; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2767575)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"213.120.230.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_02_22; reference:url, urlhaus.abuse.ch/url/2767575/; classtype:trojan-activity;sid:83630675; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765933)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2024/e_r1.bmp"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"catbaparadisehotel.com.vn"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765933/; classtype:trojan-activity;sid:83629033; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765915)"; flow:established,from_client; content:"GET"; http_method; content:"/install.tgz"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"45.64.128.244"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765915/; classtype:trojan-activity;sid:83629015; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765586)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/uploads/2024/e_default.bmp"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"catbaparadisehotel.com.vn"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765586/; classtype:trojan-activity;sid:83628686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765274)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"cloud.zhifeiyi.cn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765274/; classtype:trojan-activity;sid:83628374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765264)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"netpay.51sfy.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765264/; classtype:trojan-activity;sid:83628364; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765265)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.i686"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"cloud.zhifeiyi.cn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765265/; classtype:trojan-activity;sid:83628365; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765266)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"cloud.zhifeiyi.cn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765266/; classtype:trojan-activity;sid:83628366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765267)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"cloud.zhifeiyi.cn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765267/; classtype:trojan-activity;sid:83628367; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765268)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"cloud.zhifeiyi.cn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765268/; classtype:trojan-activity;sid:83628368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765269)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"cloud.zhifeiyi.cn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765269/; classtype:trojan-activity;sid:83628369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765270)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"netpay.51sfy.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765270/; classtype:trojan-activity;sid:83628370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765271)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"cloud.zhifeiyi.cn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765271/; classtype:trojan-activity;sid:83628371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765272)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"cloud.zhifeiyi.cn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765272/; classtype:trojan-activity;sid:83628372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765273)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"cloud.zhifeiyi.cn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765273/; classtype:trojan-activity;sid:83628373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765257)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"cloud.zhifeiyi.cn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765257/; classtype:trojan-activity;sid:83628357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765258)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"cloud.zhifeiyi.cn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765258/; classtype:trojan-activity;sid:83628358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765259)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"netpay.51sfy.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765259/; classtype:trojan-activity;sid:83628359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765260)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"netpay.51sfy.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765260/; classtype:trojan-activity;sid:83628360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765261)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"cloud.zhifeiyi.cn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765261/; classtype:trojan-activity;sid:83628361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765262)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"114.67.217.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765262/; classtype:trojan-activity;sid:83628362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765263)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"cloud.zhifeiyi.cn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765263/; classtype:trojan-activity;sid:83628363; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765256)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.i686"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"netpay.51sfy.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765256/; classtype:trojan-activity;sid:83628356; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765247)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.ppc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"netpay.51sfy.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765247/; classtype:trojan-activity;sid:83628347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765248)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"netpay.51sfy.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765248/; classtype:trojan-activity;sid:83628348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765249)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"114.67.217.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765249/; classtype:trojan-activity;sid:83628349; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765250)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"netpay.51sfy.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765250/; classtype:trojan-activity;sid:83628350; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765251)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"netpay.51sfy.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765251/; classtype:trojan-activity;sid:83628351; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765252)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"netpay.51sfy.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765252/; classtype:trojan-activity;sid:83628352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765253)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"netpay.51sfy.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765253/; classtype:trojan-activity;sid:83628353; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765254)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"netpay.51sfy.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765254/; classtype:trojan-activity;sid:83628354; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765255)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.m68k"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"114.67.217.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765255/; classtype:trojan-activity;sid:83628355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765243)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mpsl"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"114.67.217.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765243/; classtype:trojan-activity;sid:83628343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765244)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"114.67.217.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765244/; classtype:trojan-activity;sid:83628344; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765245)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"netpay.51sfy.net"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765245/; classtype:trojan-activity;sid:83628345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765246)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.sh4"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"114.67.217.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765246/; classtype:trojan-activity;sid:83628346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765241)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"114.67.217.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765241/; classtype:trojan-activity;sid:83628341; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765242)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.i686"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"114.67.217.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765242/; classtype:trojan-activity;sid:83628342; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765240)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm5"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"114.67.217.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765240/; classtype:trojan-activity;sid:83628340; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765238)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm6"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"114.67.217.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765238/; classtype:trojan-activity;sid:83628338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765239)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"114.67.217.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765239/; classtype:trojan-activity;sid:83628339; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2765158)"; flow:established,from_client; content:"GET"; http_method; content:"/e0cbefcb1af40c7d4aff4aca26621a98.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"185.172.128.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2765158/; classtype:trojan-activity;sid:83628258; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764976)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"213.120.230.115"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_02_20; reference:url, urlhaus.abuse.ch/url/2764976/; classtype:trojan-activity;sid:83628076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764670)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/bflpscdni1"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"textbin.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764670/; classtype:trojan-activity;sid:83627770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764586)"; flow:established,from_client; content:"GET"; http_method; content:"/jailtonoliveira301018/working/raw/main/visualizador.msi"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764586/; classtype:trojan-activity;sid:83627686; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764518)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"158.255.82.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764518/; classtype:trojan-activity;sid:83627618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764512)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764512/; classtype:trojan-activity;sid:83627612; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764507)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.i686"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764507/; classtype:trojan-activity;sid:83627607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764508)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764508/; classtype:trojan-activity;sid:83627608; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764509)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764509/; classtype:trojan-activity;sid:83627609; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764510)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764510/; classtype:trojan-activity;sid:83627610; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764511)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764511/; classtype:trojan-activity;sid:83627611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764488)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.188.215.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764488/; classtype:trojan-activity;sid:83627588; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764301)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"95.169.197.246"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764301/; classtype:trojan-activity;sid:83627401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2764194)"; flow:established,from_client; content:"GET"; http_method; content:"/pilgzi.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"filekg-download-01.fra1.cdn.digitaloceanspaces.com"; http_host; depth:50; isdataat:!1,relative; metadata:created_at 2024_02_19; reference:url, urlhaus.abuse.ch/url/2764194/; classtype:trojan-activity;sid:83627294; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2760916)"; flow:established,from_client; content:"GET"; http_method; content:"/bot"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"91.121.47.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_02_14; reference:url, urlhaus.abuse.ch/url/2760916/; classtype:trojan-activity;sid:83624016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2760208)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1idr2kutygbqp_loxqdocuzvjalp19zpp"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_02_12; reference:url, urlhaus.abuse.ch/url/2760208/; classtype:trojan-activity;sid:83623308; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2759986)"; flow:established,from_client; content:"GET"; http_method; content:"/9f244f7bc6ab2605/freebl3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"147.45.47.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_02_12; reference:url, urlhaus.abuse.ch/url/2759986/; classtype:trojan-activity;sid:83623086; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2759987)"; flow:established,from_client; content:"GET"; http_method; content:"/9f244f7bc6ab2605/mozglue.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"147.45.47.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_02_12; reference:url, urlhaus.abuse.ch/url/2759987/; classtype:trojan-activity;sid:83623087; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2759983)"; flow:established,from_client; content:"GET"; http_method; content:"/9f244f7bc6ab2605/msvcp140.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"147.45.47.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_02_12; reference:url, urlhaus.abuse.ch/url/2759983/; classtype:trojan-activity;sid:83623083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2759984)"; flow:established,from_client; content:"GET"; http_method; content:"/9f244f7bc6ab2605/vcruntime140.dll"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"147.45.47.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_02_12; reference:url, urlhaus.abuse.ch/url/2759984/; classtype:trojan-activity;sid:83623084; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2759985)"; flow:established,from_client; content:"GET"; http_method; content:"/9f244f7bc6ab2605/softokn3.dll"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"147.45.47.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_02_12; reference:url, urlhaus.abuse.ch/url/2759985/; classtype:trojan-activity;sid:83623085; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2759980)"; flow:established,from_client; content:"GET"; http_method; content:"/9f244f7bc6ab2605/nss3.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"147.45.47.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_02_12; reference:url, urlhaus.abuse.ch/url/2759980/; classtype:trojan-activity;sid:83623080; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2759981)"; flow:established,from_client; content:"GET"; http_method; content:"/9f244f7bc6ab2605/sqlite3.dll"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"147.45.47.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_02_12; reference:url, urlhaus.abuse.ch/url/2759981/; classtype:trojan-activity;sid:83623081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2759466)"; flow:established,from_client; content:"GET"; http_method; content:"/ikun10.txt"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"8.219.229.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_02_11; reference:url, urlhaus.abuse.ch/url/2759466/; classtype:trojan-activity;sid:83622566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2759467)"; flow:established,from_client; content:"GET"; http_method; content:"/payload_x64.bin"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"8.219.229.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_02_11; reference:url, urlhaus.abuse.ch/url/2759467/; classtype:trojan-activity;sid:83622567; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2759465)"; flow:established,from_client; content:"GET"; http_method; content:"/payload_x64.txt"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"8.219.229.99"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_02_11; reference:url, urlhaus.abuse.ch/url/2759465/; classtype:trojan-activity;sid:83622565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2758976)"; flow:established,from_client; content:"GET"; http_method; content:"/images/004/731/991/original/new_image.jpg"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"uploaddeimagens.com.br"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_02_09; reference:url, urlhaus.abuse.ch/url/2758976/; classtype:trojan-activity;sid:83622076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2758725)"; flow:established,from_client; content:"GET"; http_method; content:"/native.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"ns2.timecheck.ug"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_02_09; reference:url, urlhaus.abuse.ch/url/2758725/; classtype:trojan-activity;sid:83621825; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2758723)"; flow:established,from_client; content:"GET"; http_method; content:"/asdfg.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"ns2.timecheck.ug"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_02_09; reference:url, urlhaus.abuse.ch/url/2758723/; classtype:trojan-activity;sid:83621823; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2758716)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1xs8pro01qbtxyw-svqnnkvejhdsdmydt"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_02_09; reference:url, urlhaus.abuse.ch/url/2758716/; classtype:trojan-activity;sid:83621816; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2758697)"; flow:established,from_client; content:"GET"; http_method; content:"/ghjkl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"ns2.timecheck.ug"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_02_09; reference:url, urlhaus.abuse.ch/url/2758697/; classtype:trojan-activity;sid:83621797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2758306)"; flow:established,from_client; content:"GET"; http_method; content:"/sobaka212/n/releases/download/rr/dcratbuild.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_02_08; reference:url, urlhaus.abuse.ch/url/2758306/; classtype:trojan-activity;sid:83621406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2758301)"; flow:established,from_client; content:"GET"; http_method; content:"/sobaka212/n/releases/download/rr/ce0b953269c74bc.exe"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_02_08; reference:url, urlhaus.abuse.ch/url/2758301/; classtype:trojan-activity;sid:83621401; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2758275)"; flow:established,from_client; content:"GET"; http_method; content:"/net.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"opesjk.ug"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_02_08; reference:url, urlhaus.abuse.ch/url/2758275/; classtype:trojan-activity;sid:83621375; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2758276)"; flow:established,from_client; content:"GET"; http_method; content:"/ghjk.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"opesjk.ug"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_02_08; reference:url, urlhaus.abuse.ch/url/2758276/; classtype:trojan-activity;sid:83621376; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2758274)"; flow:established,from_client; content:"GET"; http_method; content:"/native.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"opesjk.ug"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_02_08; reference:url, urlhaus.abuse.ch/url/2758274/; classtype:trojan-activity;sid:83621374; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2758184)"; flow:established,from_client; content:"GET"; http_method; content:"/native.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"mistitis.ug"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_02_08; reference:url, urlhaus.abuse.ch/url/2758184/; classtype:trojan-activity;sid:83621284; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2758181)"; flow:established,from_client; content:"GET"; http_method; content:"/asdf.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"mistitis.ug"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_02_08; reference:url, urlhaus.abuse.ch/url/2758181/; classtype:trojan-activity;sid:83621281; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2758163)"; flow:established,from_client; content:"GET"; http_method; content:"/asdfg.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"opsdjs.ug"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_02_08; reference:url, urlhaus.abuse.ch/url/2758163/; classtype:trojan-activity;sid:83621263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2758164)"; flow:established,from_client; content:"GET"; http_method; content:"/ghjk.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"opsdjs.ug"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_02_08; reference:url, urlhaus.abuse.ch/url/2758164/; classtype:trojan-activity;sid:83621264; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2758151)"; flow:established,from_client; content:"GET"; http_method; content:"/net.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"hubvera.ac.ug"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_08; reference:url, urlhaus.abuse.ch/url/2758151/; classtype:trojan-activity;sid:83621251; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2758152)"; flow:established,from_client; content:"GET"; http_method; content:"/ghjkl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"marksidfgs.ug"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_08; reference:url, urlhaus.abuse.ch/url/2758152/; classtype:trojan-activity;sid:83621252; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2758153)"; flow:established,from_client; content:"GET"; http_method; content:"/net.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"marksidfgs.ug"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_08; reference:url, urlhaus.abuse.ch/url/2758153/; classtype:trojan-activity;sid:83621253; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2758154)"; flow:established,from_client; content:"GET"; http_method; content:"/ghjk.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"lastimaners.ug"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_08; reference:url, urlhaus.abuse.ch/url/2758154/; classtype:trojan-activity;sid:83621254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2758155)"; flow:established,from_client; content:"GET"; http_method; content:"/asdfg.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"hubvera.ac.ug"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_08; reference:url, urlhaus.abuse.ch/url/2758155/; classtype:trojan-activity;sid:83621255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2758156)"; flow:established,from_client; content:"GET"; http_method; content:"/asdf.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"hubvera.ac.ug"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_08; reference:url, urlhaus.abuse.ch/url/2758156/; classtype:trojan-activity;sid:83621256; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2757963)"; flow:established,from_client; content:"GET"; http_method; content:"/mobileanjian.apk"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"103.6.5.3"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_02_07; reference:url, urlhaus.abuse.ch/url/2757963/; classtype:trojan-activity;sid:83621063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2757961)"; flow:established,from_client; content:"GET"; http_method; content:"/mcafee.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"immobilien-spektrum.de"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_02_07; reference:url, urlhaus.abuse.ch/url/2757961/; classtype:trojan-activity;sid:83621061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2757874)"; flow:established,from_client; content:"GET"; http_method; content:"/native.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"91.215.85.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_07; reference:url, urlhaus.abuse.ch/url/2757874/; classtype:trojan-activity;sid:83620974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2757869)"; flow:established,from_client; content:"GET"; http_method; content:"/net.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"91.215.85.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_07; reference:url, urlhaus.abuse.ch/url/2757869/; classtype:trojan-activity;sid:83620969; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2757870)"; flow:established,from_client; content:"GET"; http_method; content:"/ghjkl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"91.215.85.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_07; reference:url, urlhaus.abuse.ch/url/2757870/; classtype:trojan-activity;sid:83620970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2757871)"; flow:established,from_client; content:"GET"; http_method; content:"/zxcvb.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"91.215.85.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_07; reference:url, urlhaus.abuse.ch/url/2757871/; classtype:trojan-activity;sid:83620971; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2757872)"; flow:established,from_client; content:"GET"; http_method; content:"/ghjk.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"91.215.85.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_07; reference:url, urlhaus.abuse.ch/url/2757872/; classtype:trojan-activity;sid:83620972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2757873)"; flow:established,from_client; content:"GET"; http_method; content:"/asdfg.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"91.215.85.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_07; reference:url, urlhaus.abuse.ch/url/2757873/; classtype:trojan-activity;sid:83620973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2757867)"; flow:established,from_client; content:"GET"; http_method; content:"/asdf.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"91.215.85.223"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_02_07; reference:url, urlhaus.abuse.ch/url/2757867/; classtype:trojan-activity;sid:83620967; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2757722)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.150.231.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_06; reference:url, urlhaus.abuse.ch/url/2757722/; classtype:trojan-activity;sid:83620822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2757470)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=16ytdh6yhfsrndhg_xczmgzjkuvwdt25r"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_02_06; reference:url, urlhaus.abuse.ch/url/2757470/; classtype:trojan-activity;sid:83620570; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2757163)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"188.150.231.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_05; reference:url, urlhaus.abuse.ch/url/2757163/; classtype:trojan-activity;sid:83620263; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2757155)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"188.150.231.39"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_05; reference:url, urlhaus.abuse.ch/url/2757155/; classtype:trojan-activity;sid:83620255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2757154)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"158.255.82.249"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_05; reference:url, urlhaus.abuse.ch/url/2757154/; classtype:trojan-activity;sid:83620254; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2757090)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"80.202.217.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_05; reference:url, urlhaus.abuse.ch/url/2757090/; classtype:trojan-activity;sid:83620190; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2757076)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"80.202.217.118"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_02_05; reference:url, urlhaus.abuse.ch/url/2757076/; classtype:trojan-activity;sid:83620176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2756454)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"152.160.191.186"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_02_04; reference:url, urlhaus.abuse.ch/url/2756454/; classtype:trojan-activity;sid:83619554; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2755280)"; flow:established,from_client; content:"GET"; http_method; content:"/den4ikyt/spoofer/raw/main/hwid%20spoofer.rar"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_02_02; reference:url, urlhaus.abuse.ch/url/2755280/; classtype:trojan-activity;sid:83618380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754939)"; flow:established,from_client; content:"GET"; http_method; content:"/timesync.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.172.128.127"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754939/; classtype:trojan-activity;sid:83618039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754788)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.i686"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754788/; classtype:trojan-activity;sid:83617888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754787)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.spc"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754787/; classtype:trojan-activity;sid:83617887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754786)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754786/; classtype:trojan-activity;sid:83617886; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754784)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754784/; classtype:trojan-activity;sid:83617884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754785)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.arm"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754785/; classtype:trojan-activity;sid:83617885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754783)"; flow:established,from_client; content:"GET"; http_method; content:"/cn/sysnew.x86_64"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"best.obs.cn-sz1.ctyun.cn"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754783/; classtype:trojan-activity;sid:83617883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754749)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1uqg1nqa_xwers1_ysieimfiz-pnax2qw"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754749/; classtype:trojan-activity;sid:83617849; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754663)"; flow:established,from_client; content:"GET"; http_method; content:"/photo/1.jpg"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"mmtplonline.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_02_01; reference:url, urlhaus.abuse.ch/url/2754663/; classtype:trojan-activity;sid:83617763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754299)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1wuy2y3vbxibdfqcs6-kx96nocarzixfd"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_31; reference:url, urlhaus.abuse.ch/url/2754299/; classtype:trojan-activity;sid:83617399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754083)"; flow:established,from_client; content:"GET"; http_method; content:"/hackwardev/globalnet/raw/main/files/pc/user%20oobe%20broker.exe"; http_uri; depth:64; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_01_31; reference:url, urlhaus.abuse.ch/url/2754083/; classtype:trojan-activity;sid:83617183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754082)"; flow:established,from_client; content:"GET"; http_method; content:"/hackwardev/globalnet/raw/main/files/pc/presentationfontcache.exe"; http_uri; depth:65; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_01_31; reference:url, urlhaus.abuse.ch/url/2754082/; classtype:trojan-activity;sid:83617182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2754081)"; flow:established,from_client; content:"GET"; http_method; content:"/hackwardev/globalnet/raw/main/files/pc/igfxcuiservice%20module.exe"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_01_31; reference:url, urlhaus.abuse.ch/url/2754081/; classtype:trojan-activity;sid:83617181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2753159)"; flow:established,from_client; content:"GET"; http_method; content:"/ma.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.172.128.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2024_01_29; reference:url, urlhaus.abuse.ch/url/2753159/; classtype:trojan-activity;sid:83616259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2752947)"; flow:established,from_client; content:"GET"; http_method; content:"/app/view/ta.sh"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"118.26.174.163"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_01_29; reference:url, urlhaus.abuse.ch/url/2752947/; classtype:trojan-activity;sid:83616047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2752721)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"158.255.82.66"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_01_28; reference:url, urlhaus.abuse.ch/url/2752721/; classtype:trojan-activity;sid:83615821; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2752434)"; flow:established,from_client; content:"GET"; http_method; content:"/riseme-origami/g/raw/main/build6_unencrypted.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_01_28; reference:url, urlhaus.abuse.ch/url/2752434/; classtype:trojan-activity;sid:83615534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2752411)"; flow:established,from_client; content:"GET"; http_method; content:"/sc.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.172.128.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2024_01_27; reference:url, urlhaus.abuse.ch/url/2752411/; classtype:trojan-activity;sid:83615511; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2752294)"; flow:established,from_client; content:"GET"; http_method; content:"/neverhodeqqp/dskas77/raw/main/dsdasda.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_01_27; reference:url, urlhaus.abuse.ch/url/2752294/; classtype:trojan-activity;sid:83615394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2752247)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"5.236.93.129"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_01_27; reference:url, urlhaus.abuse.ch/url/2752247/; classtype:trojan-activity;sid:83615347; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2752238)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"150.117.7.70"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_01_27; reference:url, urlhaus.abuse.ch/url/2752238/; classtype:trojan-activity;sid:83615338; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2751248)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1gzckgqlufkfpmlzsd4dlrp8-nrdeju1w"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_24; reference:url, urlhaus.abuse.ch/url/2751248/; classtype:trojan-activity;sid:83614348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2751162)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/ppxxpduwoj"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"textbin.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_01_24; reference:url, urlhaus.abuse.ch/url/2751162/; classtype:trojan-activity;sid:83614262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2751044)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1mt_cjlvidpxmet7lztiurw3cvorkobep"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_24; reference:url, urlhaus.abuse.ch/url/2751044/; classtype:trojan-activity;sid:83614144; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2750705)"; flow:established,from_client; content:"GET"; http_method; content:"/new/miner-xmr1.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"185.172.128.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_01_23; reference:url, urlhaus.abuse.ch/url/2750705/; classtype:trojan-activity;sid:83613805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2750696)"; flow:established,from_client; content:"GET"; http_method; content:"/sc.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.172.128.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_01_23; reference:url, urlhaus.abuse.ch/url/2750696/; classtype:trojan-activity;sid:83613796; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2750618)"; flow:established,from_client; content:"GET"; http_method; content:"/firstz.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.172.128.19"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_01_23; reference:url, urlhaus.abuse.ch/url/2750618/; classtype:trojan-activity;sid:83613718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2750554)"; flow:established,from_client; content:"GET"; http_method; content:"/riseme-origami/g/raw/main/first.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_01_22; reference:url, urlhaus.abuse.ch/url/2750554/; classtype:trojan-activity;sid:83613654; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2750092)"; flow:established,from_client; content:"GET"; http_method; content:"/penanosd/water/releases/download/code/dvchost.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_01_21; reference:url, urlhaus.abuse.ch/url/2750092/; classtype:trojan-activity;sid:83613192; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2750042)"; flow:established,from_client; content:"GET"; http_method; content:"/code/dl/bsoe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"wtools.io"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2024_01_21; reference:url, urlhaus.abuse.ch/url/2750042/; classtype:trojan-activity;sid:83613142; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2749981)"; flow:established,from_client; content:"GET"; http_method; content:"/riseme-origami/g/raw/main/windows.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_01_21; reference:url, urlhaus.abuse.ch/url/2749981/; classtype:trojan-activity;sid:83613081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2749973)"; flow:established,from_client; content:"GET"; http_method; content:"/riseme-origami/g/raw/main/eszop.exe"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_01_21; reference:url, urlhaus.abuse.ch/url/2749973/; classtype:trojan-activity;sid:83613073; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2749975)"; flow:established,from_client; content:"GET"; http_method; content:"/riseme-origami/g/raw/main/wefhrf.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_01_21; reference:url, urlhaus.abuse.ch/url/2749975/; classtype:trojan-activity;sid:83613075; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2749528)"; flow:established,from_client; content:"GET"; http_method; content:"/bo"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.121.47.45"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_01_19; reference:url, urlhaus.abuse.ch/url/2749528/; classtype:trojan-activity;sid:83612628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2749345)"; flow:established,from_client; content:"GET"; http_method; content:"/adobe_acrobat_installer.7z"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"pub-97694a1358de4edbb16efd939f516a29.r2.dev"; http_host; depth:43; isdataat:!1,relative; metadata:created_at 2024_01_18; reference:url, urlhaus.abuse.ch/url/2749345/; classtype:trojan-activity;sid:83612445; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2749314)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/iesxjvp9nc"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"textbin.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_01_18; reference:url, urlhaus.abuse.ch/url/2749314/; classtype:trojan-activity;sid:83612414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2749054)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1lrviuk1wka4di3qh7ach-b7m1ics2hbp"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_16; reference:url, urlhaus.abuse.ch/url/2749054/; classtype:trojan-activity;sid:83612154; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748952)"; flow:established,from_client; content:"GET"; http_method; content:"/test/2.3.1.1.exe"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"ummotosmexico.mx"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_16; reference:url, urlhaus.abuse.ch/url/2748952/; classtype:trojan-activity;sid:83612052; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748834)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.x86"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"114.67.217.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_01_15; reference:url, urlhaus.abuse.ch/url/2748834/; classtype:trojan-activity;sid:83611934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748820)"; flow:established,from_client; content:"GET"; http_method; content:"/riseme-origami/g/raw/main/client-built.exe"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_01_15; reference:url, urlhaus.abuse.ch/url/2748820/; classtype:trojan-activity;sid:83611920; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748808)"; flow:established,from_client; content:"GET"; http_method; content:"/kseniakucherksenia/.github.io/raw/main/cayv0deo9jst417.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_01_15; reference:url, urlhaus.abuse.ch/url/2748808/; classtype:trojan-activity;sid:83611908; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748809)"; flow:established,from_client; content:"GET"; http_method; content:"/kseniakucherksenia/.github.io/main/cayv0deo9jst417.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2024_01_15; reference:url, urlhaus.abuse.ch/url/2748809/; classtype:trojan-activity;sid:83611909; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748605)"; flow:established,from_client; content:"GET"; http_method; content:"/ssslllap1/asdasd/raw/main/crypted.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2024_01_13; reference:url, urlhaus.abuse.ch/url/2748605/; classtype:trojan-activity;sid:83611705; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748365)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ifvzub1blhmwsirshbe2wu5b1tus3ls-"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_12; reference:url, urlhaus.abuse.ch/url/2748365/; classtype:trojan-activity;sid:83611465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748363)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1yydiodtw09banou13ro8ielf9rcmljxy"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_12; reference:url, urlhaus.abuse.ch/url/2748363/; classtype:trojan-activity;sid:83611463; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748360)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=11cbyky_wegqjut6afr8jannw7vub-xxf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_12; reference:url, urlhaus.abuse.ch/url/2748360/; classtype:trojan-activity;sid:83611460; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2748350)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1rqhgsr779gyzvi15p-bmkx8txq4bj-yi"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_12; reference:url, urlhaus.abuse.ch/url/2748350/; classtype:trojan-activity;sid:83611450; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2747826)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1u-vaalebjnomuhbyimsdjqctjqfyiwna"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_10; reference:url, urlhaus.abuse.ch/url/2747826/; classtype:trojan-activity;sid:83610926; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2747824)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ff79_1umnp7iyibpg169gupnkiz0zfr_"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_10; reference:url, urlhaus.abuse.ch/url/2747824/; classtype:trojan-activity;sid:83610924; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2747822)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=16cxnfwhckhznnkons3bjuyy-qnq0e7bn"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2024_01_10; reference:url, urlhaus.abuse.ch/url/2747822/; classtype:trojan-activity;sid:83610922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2747531)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"80.210.28.54"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_01_09; reference:url, urlhaus.abuse.ch/url/2747531/; classtype:trojan-activity;sid:83610631; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2747416)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/dbxah8sw1f"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"textbin.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2024_01_08; reference:url, urlhaus.abuse.ch/url/2747416/; classtype:trojan-activity;sid:83610516; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2747323)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"96.18.165.28"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_01_08; reference:url, urlhaus.abuse.ch/url/2747323/; classtype:trojan-activity;sid:83610423; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2747088)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.165.120.174"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_01_07; reference:url, urlhaus.abuse.ch/url/2747088/; classtype:trojan-activity;sid:83610188; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2746783)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.180.35.231"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2024_01_06; reference:url, urlhaus.abuse.ch/url/2746783/; classtype:trojan-activity;sid:83609883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2746354)"; flow:established,from_client; content:"GET"; http_method; content:"/lin"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"configure.syscatec.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_01_04; reference:url, urlhaus.abuse.ch/url/2746354/; classtype:trojan-activity;sid:83609454; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2746353)"; flow:established,from_client; content:"GET"; http_method; content:"/test2.doc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"configure.syscatec.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_01_04; reference:url, urlhaus.abuse.ch/url/2746353/; classtype:trojan-activity;sid:83609453; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2746352)"; flow:established,from_client; content:"GET"; http_method; content:"/test3.doc"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"configure.syscatec.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2024_01_04; reference:url, urlhaus.abuse.ch/url/2746352/; classtype:trojan-activity;sid:83609452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2746190)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"158.255.82.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2024_01_03; reference:url, urlhaus.abuse.ch/url/2746190/; classtype:trojan-activity;sid:83609290; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2745413)"; flow:established,from_client; content:"GET"; http_method; content:"/hv.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.172.128.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_12_31; reference:url, urlhaus.abuse.ch/url/2745413/; classtype:trojan-activity;sid:83608513; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2745230)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"49.213.235.2"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_12_30; reference:url, urlhaus.abuse.ch/url/2745230/; classtype:trojan-activity;sid:83608330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2745073)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.111.184.77"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_12_29; reference:url, urlhaus.abuse.ch/url/2745073/; classtype:trojan-activity;sid:83608173; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2744609)"; flow:established,from_client; content:"GET"; http_method; content:"/24/b.jpg"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.16.38.38"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_12_27; reference:url, urlhaus.abuse.ch/url/2744609/; classtype:trojan-activity;sid:83607709; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2744516)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.149.127.214"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_12_26; reference:url, urlhaus.abuse.ch/url/2744516/; classtype:trojan-activity;sid:83607616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2744395)"; flow:established,from_client; content:"GET"; http_method; content:"/ama.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.172.128.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_12_26; reference:url, urlhaus.abuse.ch/url/2744395/; classtype:trojan-activity;sid:83607495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2744370)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.91.54.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_12_25; reference:url, urlhaus.abuse.ch/url/2744370/; classtype:trojan-activity;sid:83607470; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2744000)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"123.193.21.48"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_12_24; reference:url, urlhaus.abuse.ch/url/2744000/; classtype:trojan-activity;sid:83607100; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2743461)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=12rmvuwgpj0dzbb3haoaww2lviavhvb4r"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_12_22; reference:url, urlhaus.abuse.ch/url/2743461/; classtype:trojan-activity;sid:83606561; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2743460)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1rfsmrzeanvap2tnmtwrptlepwarwlkge"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_12_22; reference:url, urlhaus.abuse.ch/url/2743460/; classtype:trojan-activity;sid:83606560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2743125)"; flow:established,from_client; content:"GET"; http_method; content:"/it-alert-2023/update/downloads/sns_24.apk"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_12_21; reference:url, urlhaus.abuse.ch/url/2743125/; classtype:trojan-activity;sid:83606225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2742875)"; flow:established,from_client; content:"GET"; http_method; content:"/ma.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.172.128.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_12_21; reference:url, urlhaus.abuse.ch/url/2742875/; classtype:trojan-activity;sid:83605975; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2742874)"; flow:established,from_client; content:"GET"; http_method; content:"/cp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.172.128.32"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_12_21; reference:url, urlhaus.abuse.ch/url/2742874/; classtype:trojan-activity;sid:83605974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2742584)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"177.129.147.4"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_12_20; reference:url, urlhaus.abuse.ch/url/2742584/; classtype:trojan-activity;sid:83605684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2742518)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1k0bqhrtnu4v1yexoni5p1utyjuohmfzm"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_12_19; reference:url, urlhaus.abuse.ch/url/2742518/; classtype:trojan-activity;sid:83605618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2742516)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1fhqpevblkipshqumjmsbzeetdzhzxv-j"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_12_19; reference:url, urlhaus.abuse.ch/url/2742516/; classtype:trojan-activity;sid:83605616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2742506)"; flow:established,from_client; content:"GET"; http_method; content:"/fra1zz1337/stealer/releases/download/stealer/creal.exe"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_12_19; reference:url, urlhaus.abuse.ch/url/2742506/; classtype:trojan-activity;sid:83605606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2741760)"; flow:established,from_client; content:"GET"; http_method; content:"/viewm/installerengine.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"lestandardsarl.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_12_18; reference:url, urlhaus.abuse.ch/url/2741760/; classtype:trojan-activity;sid:83604860; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2741199)"; flow:established,from_client; content:"GET"; http_method; content:"/testing77777/appdevlompent55555555/downloads/v2.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_12_15; reference:url, urlhaus.abuse.ch/url/2741199/; classtype:trojan-activity;sid:83604299; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2741198)"; flow:established,from_client; content:"GET"; http_method; content:"/testing77777/appdevlompent55555555/downloads/m5traider.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_12_15; reference:url, urlhaus.abuse.ch/url/2741198/; classtype:trojan-activity;sid:83604298; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2740641)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"92.85.48.31"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_12_15; reference:url, urlhaus.abuse.ch/url/2740641/; classtype:trojan-activity;sid:83603741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2740202)"; flow:established,from_client; content:"GET"; http_method; content:"/pcs/click|3f|adurl=//balkarsoftware.cubistech.com"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"adclick.g.doubleclick.net"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2023_12_13; reference:url, urlhaus.abuse.ch/url/2740202/; classtype:trojan-activity;sid:83603302; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2740068)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.91.182.4"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_12_13; reference:url, urlhaus.abuse.ch/url/2740068/; classtype:trojan-activity;sid:83603168; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2740061)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.131.104.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_12_13; reference:url, urlhaus.abuse.ch/url/2740061/; classtype:trojan-activity;sid:83603161; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2739667)"; flow:established,from_client; content:"GET"; http_method; content:"/miner.py"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"172.105.29.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_12_11; reference:url, urlhaus.abuse.ch/url/2739667/; classtype:trojan-activity;sid:83602767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2739660)"; flow:established,from_client; content:"GET"; http_method; content:"/keylogger.py"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"172.105.29.23"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_12_11; reference:url, urlhaus.abuse.ch/url/2739660/; classtype:trojan-activity;sid:83602760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2739592)"; flow:established,from_client; content:"GET"; http_method; content:"/cp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.172.128.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_12_11; reference:url, urlhaus.abuse.ch/url/2739592/; classtype:trojan-activity;sid:83602692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2739361)"; flow:established,from_client; content:"GET"; http_method; content:"/ama.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.172.128.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_12_11; reference:url, urlhaus.abuse.ch/url/2739361/; classtype:trojan-activity;sid:83602461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2739318)"; flow:established,from_client; content:"GET"; http_method; content:"/logos/255_cokhxxskpuo"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"www.eastconsults.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2023_12_10; reference:url, urlhaus.abuse.ch/url/2739318/; classtype:trojan-activity;sid:83602418; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2739307)"; flow:established,from_client; content:"GET"; http_method; content:"/bodywawe/downwawe/downloads/fort.rar"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_12_10; reference:url, urlhaus.abuse.ch/url/2739307/; classtype:trojan-activity;sid:83602407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2739139)"; flow:established,from_client; content:"GET"; http_method; content:"/ma.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.172.128.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_12_10; reference:url, urlhaus.abuse.ch/url/2739139/; classtype:trojan-activity;sid:83602239; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2738927)"; flow:established,from_client; content:"GET"; http_method; content:"/hv.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.172.128.8"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_12_08; reference:url, urlhaus.abuse.ch/url/2738927/; classtype:trojan-activity;sid:83602027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2738687)"; flow:established,from_client; content:"GET"; http_method; content:"/pinguin.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.172.128.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_12_08; reference:url, urlhaus.abuse.ch/url/2738687/; classtype:trojan-activity;sid:83601787; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2738412)"; flow:established,from_client; content:"GET"; http_method; content:"/kyango01/steam/raw/main/soft.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_12_07; reference:url, urlhaus.abuse.ch/url/2738412/; classtype:trojan-activity;sid:83601512; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2737506)"; flow:established,from_client; content:"GET"; http_method; content:"/pinguin.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.172.128.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_12_04; reference:url, urlhaus.abuse.ch/url/2737506/; classtype:trojan-activity;sid:83600606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2737343)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/ld17s2rgt9"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"textbin.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_12_04; reference:url, urlhaus.abuse.ch/url/2737343/; classtype:trojan-activity;sid:83600443; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2737094)"; flow:established,from_client; content:"GET"; http_method; content:"/svchost.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"185.172.128.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_12_04; reference:url, urlhaus.abuse.ch/url/2737094/; classtype:trojan-activity;sid:83600194; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2737075)"; flow:established,from_client; content:"GET"; http_method; content:"/ama.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.172.128.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_12_03; reference:url, urlhaus.abuse.ch/url/2737075/; classtype:trojan-activity;sid:83600175; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2737076)"; flow:established,from_client; content:"GET"; http_method; content:"/cp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.172.128.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_12_03; reference:url, urlhaus.abuse.ch/url/2737076/; classtype:trojan-activity;sid:83600176; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2737077)"; flow:established,from_client; content:"GET"; http_method; content:"/ma.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.172.128.121"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_12_03; reference:url, urlhaus.abuse.ch/url/2737077/; classtype:trojan-activity;sid:83600177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2737035)"; flow:established,from_client; content:"GET"; http_method; content:"/o1lov/repo1lov/downloads/kidi.rar"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_12_03; reference:url, urlhaus.abuse.ch/url/2737035/; classtype:trojan-activity;sid:83600135; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2737036)"; flow:established,from_client; content:"GET"; http_method; content:"/download-hack/download/downloads/kiddions_menu.rar"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_12_03; reference:url, urlhaus.abuse.ch/url/2737036/; classtype:trojan-activity;sid:83600136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2736664)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"108.6.184.196"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_12_02; reference:url, urlhaus.abuse.ch/url/2736664/; classtype:trojan-activity;sid:83599764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2736560)"; flow:established,from_client; content:"GET"; http_method; content:"/tautata-hacks/download/downloads/kiddions_menu.rar"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_12_01; reference:url, urlhaus.abuse.ch/url/2736560/; classtype:trojan-activity;sid:83599660; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2736511)"; flow:established,from_client; content:"GET"; http_method; content:"/ma.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.172.128.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_12_01; reference:url, urlhaus.abuse.ch/url/2736511/; classtype:trojan-activity;sid:83599611; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2736424)"; flow:established,from_client; content:"GET"; http_method; content:"/georgy1ss1s/geoasdfasdf/downloads/fortnite_hack.rar"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_11_30; reference:url, urlhaus.abuse.ch/url/2736424/; classtype:trojan-activity;sid:83599524; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2736337)"; flow:established,from_client; content:"GET"; http_method; content:"/hv.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.172.128.113"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_11_30; reference:url, urlhaus.abuse.ch/url/2736337/; classtype:trojan-activity;sid:83599437; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2736281)"; flow:established,from_client; content:"GET"; http_method; content:"/1/"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.79.169.52"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_11_29; reference:url, urlhaus.abuse.ch/url/2736281/; classtype:trojan-activity;sid:83599381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2735895)"; flow:established,from_client; content:"GET"; http_method; content:"/inseller31/loverskit1/downloads/fort.rar"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_11_28; reference:url, urlhaus.abuse.ch/url/2735895/; classtype:trojan-activity;sid:83598995; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2735896)"; flow:established,from_client; content:"GET"; http_method; content:"/tautara-dwnl/download/downloads/kiddions_menu.rar"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_11_28; reference:url, urlhaus.abuse.ch/url/2735896/; classtype:trojan-activity;sid:83598996; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2735589)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1pgpjkox9-ztieqrellytrhuk9bykwmfj"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_11_27; reference:url, urlhaus.abuse.ch/url/2735589/; classtype:trojan-activity;sid:83598689; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2735584)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|id=1qvag-koyy2l8h5lwvaeaw35hnuwbm3xo"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_27; reference:url, urlhaus.abuse.ch/url/2735584/; classtype:trojan-activity;sid:83598684; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2735404)"; flow:established,from_client; content:"GET"; http_method; content:"/cp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.172.128.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_11_26; reference:url, urlhaus.abuse.ch/url/2735404/; classtype:trojan-activity;sid:83598504; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2735400)"; flow:established,from_client; content:"GET"; http_method; content:"/chdyz/chdyz.dll"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"47.110.247.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_11_26; reference:url, urlhaus.abuse.ch/url/2735400/; classtype:trojan-activity;sid:83598500; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2735399)"; flow:established,from_client; content:"GET"; http_method; content:"/chdyz/chdyz.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"47.110.247.171"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_11_26; reference:url, urlhaus.abuse.ch/url/2735399/; classtype:trojan-activity;sid:83598499; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2735378)"; flow:established,from_client; content:"GET"; http_method; content:"/ma.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.172.128.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_11_26; reference:url, urlhaus.abuse.ch/url/2735378/; classtype:trojan-activity;sid:83598478; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2735280)"; flow:established,from_client; content:"GET"; http_method; content:"/hv.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.172.128.160"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_11_26; reference:url, urlhaus.abuse.ch/url/2735280/; classtype:trojan-activity;sid:83598380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2735077)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/network/store.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"www.globallaborsupply.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2023_11_24; reference:url, urlhaus.abuse.ch/url/2735077/; classtype:trojan-activity;sid:83598177; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2734988)"; flow:established,from_client; content:"GET"; http_method; content:"/lti_ruby/av/development/insertionsortpro.js"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"lti.cs.vt.edu"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_11_24; reference:url, urlhaus.abuse.ch/url/2734988/; classtype:trojan-activity;sid:83598088; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2734983)"; flow:established,from_client; content:"GET"; http_method; content:"/wei"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"80.68.196.6"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_11_24; reference:url, urlhaus.abuse.ch/url/2734983/; classtype:trojan-activity;sid:83598083; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2734982)"; flow:established,from_client; content:"GET"; http_method; content:"/bins/sora.mips"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"114.67.217.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_11_24; reference:url, urlhaus.abuse.ch/url/2734982/; classtype:trojan-activity;sid:83598082; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2734981)"; flow:established,from_client; content:"GET"; http_method; content:"/vendor/bin/nobody/clean.it"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"xiangshunjy.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_11_24; reference:url, urlhaus.abuse.ch/url/2734981/; classtype:trojan-activity;sid:83598081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2734979)"; flow:established,from_client; content:"GET"; http_method; content:"/404"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"31.184.194.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_11_24; reference:url, urlhaus.abuse.ch/url/2734979/; classtype:trojan-activity;sid:83598079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2734870)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|id=17bsqdb9hpmi35bdhkfrcxc41lgj02zd3|7c|26|7c|export=download"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_23; reference:url, urlhaus.abuse.ch/url/2734870/; classtype:trojan-activity;sid:83597970; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2733770)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"51.182.145.71"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_11_23; reference:url, urlhaus.abuse.ch/url/2733770/; classtype:trojan-activity;sid:83596870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2733771)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.139.249.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_11_23; reference:url, urlhaus.abuse.ch/url/2733771/; classtype:trojan-activity;sid:83596871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2733669)"; flow:established,from_client; content:"GET"; http_method; content:"/ama.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.172.128.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_11_22; reference:url, urlhaus.abuse.ch/url/2733669/; classtype:trojan-activity;sid:83596769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2733665)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"162.199.220.67"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_11_22; reference:url, urlhaus.abuse.ch/url/2733665/; classtype:trojan-activity;sid:83596765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2733619)"; flow:established,from_client; content:"GET"; http_method; content:"/cp.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.172.128.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_11_21; reference:url, urlhaus.abuse.ch/url/2733619/; classtype:trojan-activity;sid:83596719; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2733618)"; flow:established,from_client; content:"GET"; http_method; content:"/hv.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"185.172.128.154"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_11_21; reference:url, urlhaus.abuse.ch/url/2733618/; classtype:trojan-activity;sid:83596718; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2733255)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/oguv3ega7u"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"textbin.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_11_21; reference:url, urlhaus.abuse.ch/url/2733255/; classtype:trojan-activity;sid:83596355; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2731873)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"163.47.209.166"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_11_18; reference:url, urlhaus.abuse.ch/url/2731873/; classtype:trojan-activity;sid:83594973; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2731428)"; flow:established,from_client; content:"GET"; http_method; content:"/update.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"muzzumilruheel.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2023_11_17; reference:url, urlhaus.abuse.ch/url/2731428/; classtype:trojan-activity;sid:83594528; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2731357)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"115.165.209.73"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_11_16; reference:url, urlhaus.abuse.ch/url/2731357/; classtype:trojan-activity;sid:83594457; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2731319)"; flow:established,from_client; content:"GET"; http_method; content:"/georgy1ss1s/geoasdfasdf/downloads/kiddions_mod_menu.rar"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_11_16; reference:url, urlhaus.abuse.ch/url/2731319/; classtype:trojan-activity;sid:83594419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2731257)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"151.240.193.184"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_11_16; reference:url, urlhaus.abuse.ch/url/2731257/; classtype:trojan-activity;sid:83594357; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2730593)"; flow:established,from_client; content:"GET"; http_method; content:"/recovery.dat"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"185.172.128.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_11_14; reference:url, urlhaus.abuse.ch/url/2730593/; classtype:trojan-activity;sid:83593693; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2730213)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1sjm5t0ktlepibtv3kgaousspnw3zonom"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_13; reference:url, urlhaus.abuse.ch/url/2730213/; classtype:trojan-activity;sid:83593313; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2730069)"; flow:established,from_client; content:"GET"; http_method; content:"/cronusxd/update/releases/download/programa/universal.cheat.all.games.rar"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_11_12; reference:url, urlhaus.abuse.ch/url/2730069/; classtype:trojan-activity;sid:83593169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2729677)"; flow:established,from_client; content:"GET"; http_method; content:"/j-18/"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"134.122.184.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_11_10; reference:url, urlhaus.abuse.ch/url/2729677/; classtype:trojan-activity;sid:83592777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2729649)"; flow:established,from_client; content:"GET"; http_method; content:"/1/"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.79.172.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_11_10; reference:url, urlhaus.abuse.ch/url/2729649/; classtype:trojan-activity;sid:83592749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2729643)"; flow:established,from_client; content:"GET"; http_method; content:"/j-3/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.79.172.110"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_11_10; reference:url, urlhaus.abuse.ch/url/2729643/; classtype:trojan-activity;sid:83592743; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2729641)"; flow:established,from_client; content:"GET"; http_method; content:"/j-5/"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"202.79.172.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_11_10; reference:url, urlhaus.abuse.ch/url/2729641/; classtype:trojan-activity;sid:83592741; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2729642)"; flow:established,from_client; content:"GET"; http_method; content:"/1/"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.79.172.93"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_11_10; reference:url, urlhaus.abuse.ch/url/2729642/; classtype:trojan-activity;sid:83592742; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2729115)"; flow:established,from_client; content:"GET"; http_method; content:"/ns3.jpg"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"sos.vivi.sg"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_11_09; reference:url, urlhaus.abuse.ch/url/2729115/; classtype:trojan-activity;sid:83592215; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2728916)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1jmvlc342a-9khhwqofk1aticown34bxe"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_08; reference:url, urlhaus.abuse.ch/url/2728916/; classtype:trojan-activity;sid:83592016; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2728877)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.238.231.91"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_11_08; reference:url, urlhaus.abuse.ch/url/2728877/; classtype:trojan-activity;sid:83591977; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2727082)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/butw0ld4oq"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"textbin.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_11_02; reference:url, urlhaus.abuse.ch/url/2727082/; classtype:trojan-activity;sid:83590182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726994)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1lhnnwoydntgqibsykxwgd32s5xftxvfh"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726994/; classtype:trojan-activity;sid:83590094; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726929)"; flow:established,from_client; content:"GET"; http_method; content:"/u/0/uc|3f|id=1r8ha5a1gtjvb-3-1be7hpndhbv5yyonu|7c|26|7c|export=download"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726929/; classtype:trojan-activity;sid:83590029; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726928)"; flow:established,from_client; content:"GET"; http_method; content:"/u/0/uc|3f|id=1b-v5hs5zslhno9kxookgyibbczphiv_m|7c|26|7c|export=download"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726928/; classtype:trojan-activity;sid:83590028; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726927)"; flow:established,from_client; content:"GET"; http_method; content:"/u/0/uc|3f|id=1txdqckk-lg72vbxwzaisonda3smn8tg8|7c|26|7c|export=download"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726927/; classtype:trojan-activity;sid:83590027; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726921)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1oxpqeutyreby186exx4zeofyz0rjocsp"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726921/; classtype:trojan-activity;sid:83590021; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726920)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1e2y5yppu_zjj4o3wmuo-2j8n9lbthkzc"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726920/; classtype:trojan-activity;sid:83590020; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726917)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1heka7sgmbcessdhxtvmfwxownz7sipbb"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726917/; classtype:trojan-activity;sid:83590017; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726906)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1_ldguopt2cg7fblntw3ltxgtxqtmlflc"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726906/; classtype:trojan-activity;sid:83590006; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726907)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=10lygpyju_dlg3x6r9oslzgblshakstl-"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_11_01; reference:url, urlhaus.abuse.ch/url/2726907/; classtype:trojan-activity;sid:83590007; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726789)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1zte2ty_wldnnepgomzi6zqqad7moc4kk"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_31; reference:url, urlhaus.abuse.ch/url/2726789/; classtype:trojan-activity;sid:83589889; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726777)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1sqvm1xsoranfnvqst_kkdmn8yhgulm4k"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_31; reference:url, urlhaus.abuse.ch/url/2726777/; classtype:trojan-activity;sid:83589877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726774)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1cz1lqyxis4wvr7nlc71ukekxyhj5xu-l"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_31; reference:url, urlhaus.abuse.ch/url/2726774/; classtype:trojan-activity;sid:83589874; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726693)"; flow:established,from_client; content:"GET"; http_method; content:"/u/0/uc|3f|id=1apbgg8cyhbx3l2qaezfjnk9krbmumfbf|7c|26|7c|export=download"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_30; reference:url, urlhaus.abuse.ch/url/2726693/; classtype:trojan-activity;sid:83589793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726592)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1zqzivoxid6wgvjstzd0lg2vxnpnc-puf"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_30; reference:url, urlhaus.abuse.ch/url/2726592/; classtype:trojan-activity;sid:83589692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726576)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.15.176.254"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_10_30; reference:url, urlhaus.abuse.ch/url/2726576/; classtype:trojan-activity;sid:83589676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726432)"; flow:established,from_client; content:"GET"; http_method; content:"/drakeo03/rbxfpsunlocker-x64-hotfix1/zip/refs/heads/main"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_10_28; reference:url, urlhaus.abuse.ch/url/2726432/; classtype:trojan-activity;sid:83589532; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726089)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1gfn3lqd1rvybut4ha-ldl92wt8ysrzfc"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_26; reference:url, urlhaus.abuse.ch/url/2726089/; classtype:trojan-activity;sid:83589189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2726062)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/bxsdhvfnrn"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"textbin.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_10_26; reference:url, urlhaus.abuse.ch/url/2726062/; classtype:trojan-activity;sid:83589162; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2725971)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ctnmusyjuqkrxgvd6uph5ttb4-sb1zxr"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_26; reference:url, urlhaus.abuse.ch/url/2725971/; classtype:trojan-activity;sid:83589071; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2724595)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"101.58.83.134"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_10_24; reference:url, urlhaus.abuse.ch/url/2724595/; classtype:trojan-activity;sid:83587695; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2724594)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.91.96.123"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_10_24; reference:url, urlhaus.abuse.ch/url/2724594/; classtype:trojan-activity;sid:83587694; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2724547)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.187.36.184"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_10_23; reference:url, urlhaus.abuse.ch/url/2724547/; classtype:trojan-activity;sid:83587647; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2723186)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1nx37rcyoclifch3waaddhuzclyj4ouue"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_23; reference:url, urlhaus.abuse.ch/url/2723186/; classtype:trojan-activity;sid:83586286; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2722769)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.238.228.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_10_21; reference:url, urlhaus.abuse.ch/url/2722769/; classtype:trojan-activity;sid:83585869; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2722771)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"49.213.187.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_10_21; reference:url, urlhaus.abuse.ch/url/2722771/; classtype:trojan-activity;sid:83585871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2722704)"; flow:established,from_client; content:"GET"; http_method; content:"/avatar.jpg"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"ircftp.net"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_10_20; reference:url, urlhaus.abuse.ch/url/2722704/; classtype:trojan-activity;sid:83585804; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2722025)"; flow:established,from_client; content:"GET"; http_method; content:"/wp/chromium/launcherchromium.zip"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"hwthurmann.de"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_10_18; reference:url, urlhaus.abuse.ch/url/2722025/; classtype:trojan-activity;sid:83585125; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2721818)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.181.0.146"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_10_18; reference:url, urlhaus.abuse.ch/url/2721818/; classtype:trojan-activity;sid:83584918; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2720834)"; flow:established,from_client; content:"GET"; http_method; content:"/wp/chromium/launcherchromium.zip"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"hwthurmann.de"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_10_15; reference:url, urlhaus.abuse.ch/url/2720834/; classtype:trojan-activity;sid:83583934; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2720692)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.219.163.148"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_10_15; reference:url, urlhaus.abuse.ch/url/2720692/; classtype:trojan-activity;sid:83583792; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2720676)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"80.210.35.140"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_10_15; reference:url, urlhaus.abuse.ch/url/2720676/; classtype:trojan-activity;sid:83583776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2720518)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"60.246.119.253"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_10_14; reference:url, urlhaus.abuse.ch/url/2720518/; classtype:trojan-activity;sid:83583618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2720427)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"49.213.157.76"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_10_14; reference:url, urlhaus.abuse.ch/url/2720427/; classtype:trojan-activity;sid:83583527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2719604)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"31.182.115.211"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_10_13; reference:url, urlhaus.abuse.ch/url/2719604/; classtype:trojan-activity;sid:83582704; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2719389)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1satmexzn3qpvqzfxnc-5dtnnn8lihdxh"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_12; reference:url, urlhaus.abuse.ch/url/2719389/; classtype:trojan-activity;sid:83582489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2719281)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1jxxc4l7icdzs0zx0iz7hayfglrujm8ro"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_10_11; reference:url, urlhaus.abuse.ch/url/2719281/; classtype:trojan-activity;sid:83582381; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2719171)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|id=1gwsdcu5mxxo0oq3kiaerlwqqcpxbg74p|7c|26|7c|export=download|7c|26|7c|authuser=0"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_11; reference:url, urlhaus.abuse.ch/url/2719171/; classtype:trojan-activity;sid:83582271; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2718468)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/1lkc5ccspw"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"textbin.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_10_09; reference:url, urlhaus.abuse.ch/url/2718468/; classtype:trojan-activity;sid:83581568; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2718427)"; flow:established,from_client; content:"GET"; http_method; content:"/raw/cgeahsl8f7"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"textbin.net"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_10_09; reference:url, urlhaus.abuse.ch/url/2718427/; classtype:trojan-activity;sid:83581527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2718028)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/milahajobffo2308200014bloneysh3ak1112700documentsfor40222pkgsand5462000kgchainlinktotal.zip"; http_uri; depth:101; isdataat:!1,relative; nocase; content:"www.kalp-s.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_10_08; reference:url, urlhaus.abuse.ch/url/2718028/; classtype:trojan-activity;sid:83581128; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2717655)"; flow:established,from_client; content:"GET"; http_method; content:"/tautaracheats-dwnld/tautaracheats/downloads/fortnite_cheat.rar"; http_uri; depth:63; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_10_06; reference:url, urlhaus.abuse.ch/url/2717655/; classtype:trojan-activity;sid:83580755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2717652)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|id=1nmo38gwdllgzyd-hnhpvh9gq81wetj3x|7c|26|7c|export=download"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_06; reference:url, urlhaus.abuse.ch/url/2717652/; classtype:trojan-activity;sid:83580752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2717636)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.92.126.73"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_10_06; reference:url, urlhaus.abuse.ch/url/2717636/; classtype:trojan-activity;sid:83580736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2717631)"; flow:established,from_client; content:"GET"; http_method; content:"/112s"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"43.249.172.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_10_06; reference:url, urlhaus.abuse.ch/url/2717631/; classtype:trojan-activity;sid:83580731; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2716462)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"75.88.251.198"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_10_04; reference:url, urlhaus.abuse.ch/url/2716462/; classtype:trojan-activity;sid:83579562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715888)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=12zhu5cy9mntlhoz9fq7v9q_-xi-iozmj"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_02; reference:url, urlhaus.abuse.ch/url/2715888/; classtype:trojan-activity;sid:83578988; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2715548)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|confirm=no_antivirus|7c|26|7c|id=1-5tfbyc52tepabxjdszg1dcqgaizf0m6"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_10_01; reference:url, urlhaus.abuse.ch/url/2715548/; classtype:trojan-activity;sid:83578648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2714956)"; flow:established,from_client; content:"GET"; http_method; content:"/112"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"43.249.172.195"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_29; reference:url, urlhaus.abuse.ch/url/2714956/; classtype:trojan-activity;sid:83578056; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713260)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.65.41.210"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_09_22; reference:url, urlhaus.abuse.ch/url/2713260/; classtype:trojan-activity;sid:83576360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2713150)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.131.101.80"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_21; reference:url, urlhaus.abuse.ch/url/2713150/; classtype:trojan-activity;sid:83576250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2712695)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|id=1re8ewllfl3pjf1m1ywjwjwbitzqqmhjs|7c|26|7c|export=download"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_09_20; reference:url, urlhaus.abuse.ch/url/2712695/; classtype:trojan-activity;sid:83575795; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2712484)"; flow:established,from_client; content:"GET"; http_method; content:"/test/test.exe"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"pouya.blob.core.windows.net"; http_host; depth:27; isdataat:!1,relative; metadata:created_at 2023_09_19; reference:url, urlhaus.abuse.ch/url/2712484/; classtype:trojan-activity;sid:83575584; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2712386)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"39.126.203.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_09_18; reference:url, urlhaus.abuse.ch/url/2712386/; classtype:trojan-activity;sid:83575486; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2710466)"; flow:established,from_client; content:"GET"; http_method; content:"//cryps/q9/dll3f3.txt"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"91.213.50.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_08; reference:url, urlhaus.abuse.ch/url/2710466/; classtype:trojan-activity;sid:83573566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2710464)"; flow:established,from_client; content:"GET"; http_method; content:"//cryps/q9/pef3.txt"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"91.213.50.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_09_08; reference:url, urlhaus.abuse.ch/url/2710464/; classtype:trojan-activity;sid:83573564; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2708293)"; flow:established,from_client; content:"GET"; http_method; content:"/!api/2.0/snippets/mounmeinlylo/6qaezk/68ca2fb6aac2a81f027f3153f0d611c70af8c116/files/file"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_08_30; reference:url, urlhaus.abuse.ch/url/2708293/; classtype:trojan-activity;sid:83571393; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2708266)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|id=1ekcinmskddduir6reyjrjyzvcyw-1idj|7c|26|7c|export=download"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_08_30; reference:url, urlhaus.abuse.ch/url/2708266/; classtype:trojan-activity;sid:83571366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2707814)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"108.190.56.144"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_08_28; reference:url, urlhaus.abuse.ch/url/2707814/; classtype:trojan-activity;sid:83570914; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2707384)"; flow:established,from_client; content:"GET"; http_method; content:"/!api/2.0/snippets/mounmeinlylo/6qano5/2aa998bdd45ea12f5552d98e8e28825a5a95cc86/files/file"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_08_26; reference:url, urlhaus.abuse.ch/url/2707384/; classtype:trojan-activity;sid:83570484; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2706939)"; flow:established,from_client; content:"GET"; http_method; content:"/!api/2.0/snippets/mounmeinlylo/bqaeer/5b924a1aa7fee2cb51377a9085ed3793f6a749a7/files/file"; http_uri; depth:90; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_08_25; reference:url, urlhaus.abuse.ch/url/2706939/; classtype:trojan-activity;sid:83570039; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2705628)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"90.68.161.157"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_08_20; reference:url, urlhaus.abuse.ch/url/2705628/; classtype:trojan-activity;sid:83568728; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2705125)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"188.158.121.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_08_17; reference:url, urlhaus.abuse.ch/url/2705125/; classtype:trojan-activity;sid:83568225; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2704717)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.143.220.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_08_15; reference:url, urlhaus.abuse.ch/url/2704717/; classtype:trojan-activity;sid:83567817; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2704162)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.36.68.156"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_08_13; reference:url, urlhaus.abuse.ch/url/2704162/; classtype:trojan-activity;sid:83567262; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2703942)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"39.126.203.159"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_08_11; reference:url, urlhaus.abuse.ch/url/2703942/; classtype:trojan-activity;sid:83567042; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2699237)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"89.135.142.235"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_08_05; reference:url, urlhaus.abuse.ch/url/2699237/; classtype:trojan-activity;sid:83562337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2695319)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"113.214.56.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_08_01; reference:url, urlhaus.abuse.ch/url/2695319/; classtype:trojan-activity;sid:83558419; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2693150)"; flow:established,from_client; content:"GET"; http_method; content:"/housenetshare.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"stdown.dinju.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_07_31; reference:url, urlhaus.abuse.ch/url/2693150/; classtype:trojan-activity;sid:83556250; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2692122)"; flow:established,from_client; content:"GET"; http_method; content:"/asas.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"vmi1159541.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2023_07_29; reference:url, urlhaus.abuse.ch/url/2692122/; classtype:trojan-activity;sid:83555222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2692120)"; flow:established,from_client; content:"GET"; http_method; content:"/elevator.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"vmi1159541.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2023_07_29; reference:url, urlhaus.abuse.ch/url/2692120/; classtype:trojan-activity;sid:83555220; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2692121)"; flow:established,from_client; content:"GET"; http_method; content:"/robluxcoins.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"vmi1159541.contaboserver.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2023_07_29; reference:url, urlhaus.abuse.ch/url/2692121/; classtype:trojan-activity;sid:83555221; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2691805)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"113.214.56.231"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_07_28; reference:url, urlhaus.abuse.ch/url/2691805/; classtype:trojan-activity;sid:83554905; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2689489)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1jvqaqhw3wrdy09sf69rsggxmk_jl7lz5"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_07_25; reference:url, urlhaus.abuse.ch/url/2689489/; classtype:trojan-activity;sid:83552589; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2688262)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"124.194.46.204"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_07_23; reference:url, urlhaus.abuse.ch/url/2688262/; classtype:trojan-activity;sid:83551362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2687872)"; flow:established,from_client; content:"GET"; http_method; content:"/new.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"resourceedge.org"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_07_22; reference:url, urlhaus.abuse.ch/url/2687872/; classtype:trojan-activity;sid:83550972; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2687497)"; flow:established,from_client; content:"GET"; http_method; content:"/elevator.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"209.145.51.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_07_22; reference:url, urlhaus.abuse.ch/url/2687497/; classtype:trojan-activity;sid:83550597; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2687498)"; flow:established,from_client; content:"GET"; http_method; content:"/asas.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"209.145.51.44"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_07_22; reference:url, urlhaus.abuse.ch/url/2687498/; classtype:trojan-activity;sid:83550598; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2687083)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"24.153.218.165"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_07_21; reference:url, urlhaus.abuse.ch/url/2687083/; classtype:trojan-activity;sid:83550183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2685030)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|id=1kavuowl0c1mms_vtxozw-cwq7hwto0el|7c|26|7c|export=download|7c|26|7c|authuser=0"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_07_18; reference:url, urlhaus.abuse.ch/url/2685030/; classtype:trojan-activity;sid:83548130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2684828)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.100.50.137"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_07_18; reference:url, urlhaus.abuse.ch/url/2684828/; classtype:trojan-activity;sid:83547928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2682047)"; flow:established,from_client; content:"GET"; http_method; content:"/yfrfklulpjtnvv25.bin"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"diclegrup.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_07_13; reference:url, urlhaus.abuse.ch/url/2682047/; classtype:trojan-activity;sid:83545147; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2679173)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"68.230.16.241"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_07_09; reference:url, urlhaus.abuse.ch/url/2679173/; classtype:trojan-activity;sid:83542273; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2678669)"; flow:established,from_client; content:"GET"; http_method; content:"/new/mofers/sp/q2s.txt"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"91.213.50.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_07_08; reference:url, urlhaus.abuse.ch/url/2678669/; classtype:trojan-activity;sid:83541769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2678670)"; flow:established,from_client; content:"GET"; http_method; content:"/new/mofers/rmz.txt"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"91.213.50.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_07_08; reference:url, urlhaus.abuse.ch/url/2678670/; classtype:trojan-activity;sid:83541770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2678671)"; flow:established,from_client; content:"GET"; http_method; content:"/new/mofers/t3.txt"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"91.213.50.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_07_08; reference:url, urlhaus.abuse.ch/url/2678671/; classtype:trojan-activity;sid:83541771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2678672)"; flow:established,from_client; content:"GET"; http_method; content:"/cryps/q7/dllf3.txt"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"91.213.50.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_07_08; reference:url, urlhaus.abuse.ch/url/2678672/; classtype:trojan-activity;sid:83541772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2678673)"; flow:established,from_client; content:"GET"; http_method; content:"/green/rx/nuevadll.txt"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"91.213.50.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_07_08; reference:url, urlhaus.abuse.ch/url/2678673/; classtype:trojan-activity;sid:83541773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2678674)"; flow:established,from_client; content:"GET"; http_method; content:"/new/mofers/r.txt"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"91.213.50.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_07_08; reference:url, urlhaus.abuse.ch/url/2678674/; classtype:trojan-activity;sid:83541774; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2678675)"; flow:established,from_client; content:"GET"; http_method; content:"/cryps/q7/qwer/dllf3.txt"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"91.213.50.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_07_08; reference:url, urlhaus.abuse.ch/url/2678675/; classtype:trojan-activity;sid:83541775; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2678676)"; flow:established,from_client; content:"GET"; http_method; content:"/new/mofers/q7.txt"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"91.213.50.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_07_08; reference:url, urlhaus.abuse.ch/url/2678676/; classtype:trojan-activity;sid:83541776; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2678677)"; flow:established,from_client; content:"GET"; http_method; content:"/new/mofers/rm.txt"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"91.213.50.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_07_08; reference:url, urlhaus.abuse.ch/url/2678677/; classtype:trojan-activity;sid:83541777; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2678655)"; flow:established,from_client; content:"GET"; http_method; content:"/cryps/qwers/new24/dllf3.txt"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"91.213.50.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_07_08; reference:url, urlhaus.abuse.ch/url/2678655/; classtype:trojan-activity;sid:83541755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2678656)"; flow:established,from_client; content:"GET"; http_method; content:"/cryps/qwers/new25/crypdas.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"91.213.50.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_07_08; reference:url, urlhaus.abuse.ch/url/2678656/; classtype:trojan-activity;sid:83541756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2678657)"; flow:established,from_client; content:"GET"; http_method; content:"/new/mofers/lx6.txt"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"91.213.50.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_07_08; reference:url, urlhaus.abuse.ch/url/2678657/; classtype:trojan-activity;sid:83541757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2678658)"; flow:established,from_client; content:"GET"; http_method; content:"/cryps/qwers/new23/pef3.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"91.213.50.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_07_08; reference:url, urlhaus.abuse.ch/url/2678658/; classtype:trojan-activity;sid:83541758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2678659)"; flow:established,from_client; content:"GET"; http_method; content:"/cryps/qwers/new24/pe03.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"91.213.50.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_07_08; reference:url, urlhaus.abuse.ch/url/2678659/; classtype:trojan-activity;sid:83541759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2678660)"; flow:established,from_client; content:"GET"; http_method; content:"/new/mofers/ny1.txt"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"91.213.50.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_07_08; reference:url, urlhaus.abuse.ch/url/2678660/; classtype:trojan-activity;sid:83541760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2678661)"; flow:established,from_client; content:"GET"; http_method; content:"/new/mofers/sp/mc/bandi99.txt"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"91.213.50.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_07_08; reference:url, urlhaus.abuse.ch/url/2678661/; classtype:trojan-activity;sid:83541761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2678662)"; flow:established,from_client; content:"GET"; http_method; content:"/new/mofers/nx.txt"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"91.213.50.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_07_08; reference:url, urlhaus.abuse.ch/url/2678662/; classtype:trojan-activity;sid:83541762; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2678663)"; flow:established,from_client; content:"GET"; http_method; content:"/new/mofers/zx2.txt"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"91.213.50.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_07_08; reference:url, urlhaus.abuse.ch/url/2678663/; classtype:trojan-activity;sid:83541763; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2678664)"; flow:established,from_client; content:"GET"; http_method; content:"/new/mofers/njx.txt"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"91.213.50.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_07_08; reference:url, urlhaus.abuse.ch/url/2678664/; classtype:trojan-activity;sid:83541764; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2678665)"; flow:established,from_client; content:"GET"; http_method; content:"/new/mofers/arrw.txt"; http_uri; depth:20; isdataat:!1,relative; nocase; content:"91.213.50.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_07_08; reference:url, urlhaus.abuse.ch/url/2678665/; classtype:trojan-activity;sid:83541765; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2678666)"; flow:established,from_client; content:"GET"; http_method; content:"/new/mofers/async.txt"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"91.213.50.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_07_08; reference:url, urlhaus.abuse.ch/url/2678666/; classtype:trojan-activity;sid:83541766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2678667)"; flow:established,from_client; content:"GET"; http_method; content:"/cryps/qwers/masterxls/dll.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"91.213.50.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_07_08; reference:url, urlhaus.abuse.ch/url/2678667/; classtype:trojan-activity;sid:83541767; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2678668)"; flow:established,from_client; content:"GET"; http_method; content:"/new/mofers/q1.txt"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"91.213.50.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_07_08; reference:url, urlhaus.abuse.ch/url/2678668/; classtype:trojan-activity;sid:83541768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2678648)"; flow:established,from_client; content:"GET"; http_method; content:"/cryps/q7/qwer/pef3.txt"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.213.50.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_07_08; reference:url, urlhaus.abuse.ch/url/2678648/; classtype:trojan-activity;sid:83541748; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2678649)"; flow:established,from_client; content:"GET"; http_method; content:"/cryps/q7/pef3.txt"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"91.213.50.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_07_08; reference:url, urlhaus.abuse.ch/url/2678649/; classtype:trojan-activity;sid:83541749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2678650)"; flow:established,from_client; content:"GET"; http_method; content:"/cryps/qwers/masterxls/pef3new.txt"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"91.213.50.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_07_08; reference:url, urlhaus.abuse.ch/url/2678650/; classtype:trojan-activity;sid:83541750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2678651)"; flow:established,from_client; content:"GET"; http_method; content:"/new/mofers/sp/nxj.txt"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"91.213.50.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_07_08; reference:url, urlhaus.abuse.ch/url/2678651/; classtype:trojan-activity;sid:83541751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2678652)"; flow:established,from_client; content:"GET"; http_method; content:"/new/mofers/nj.txt"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"91.213.50.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_07_08; reference:url, urlhaus.abuse.ch/url/2678652/; classtype:trojan-activity;sid:83541752; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2678653)"; flow:established,from_client; content:"GET"; http_method; content:"/new/mofers/arhvn.txt"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"91.213.50.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_07_08; reference:url, urlhaus.abuse.ch/url/2678653/; classtype:trojan-activity;sid:83541753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2678654)"; flow:established,from_client; content:"GET"; http_method; content:"/new/mofers/l8.txt"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"91.213.50.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_07_08; reference:url, urlhaus.abuse.ch/url/2678654/; classtype:trojan-activity;sid:83541754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2678620)"; flow:established,from_client; content:"GET"; http_method; content:"/cryps/qwers/new24/dllf3.txt"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"91.213.50.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_07_08; reference:url, urlhaus.abuse.ch/url/2678620/; classtype:trojan-activity;sid:83541720; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2678615)"; flow:established,from_client; content:"GET"; http_method; content:"/cryps/qwers/new24/pe03.txt"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"91.213.50.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_07_08; reference:url, urlhaus.abuse.ch/url/2678615/; classtype:trojan-activity;sid:83541715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2678616)"; flow:established,from_client; content:"GET"; http_method; content:"/new/mofers/njz.txt"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"91.213.50.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_07_08; reference:url, urlhaus.abuse.ch/url/2678616/; classtype:trojan-activity;sid:83541716; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2678477)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"83.234.203.16"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_07_08; reference:url, urlhaus.abuse.ch/url/2678477/; classtype:trojan-activity;sid:83541577; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2677015)"; flow:established,from_client; content:"GET"; http_method; content:"/workker300066/partners/downloads/project_8.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_07_05; reference:url, urlhaus.abuse.ch/url/2677015/; classtype:trojan-activity;sid:83540115; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2676880)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/id3/qmydsnl.dll"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"lostheaven.com.cn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_07_05; reference:url, urlhaus.abuse.ch/url/2676880/; classtype:trojan-activity;sid:83539980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2676879)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-includes/id3/apctntoca.bmp"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"lostheaven.com.cn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_07_05; reference:url, urlhaus.abuse.ch/url/2676879/; classtype:trojan-activity;sid:83539979; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2675825)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1uh8squz6doag3ywzn7rpx0k5jfze9r6d"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_07_03; reference:url, urlhaus.abuse.ch/url/2675825/; classtype:trojan-activity;sid:83538925; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2675524)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"45.87.5.2"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2023_07_02; reference:url, urlhaus.abuse.ch/url/2675524/; classtype:trojan-activity;sid:83538624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2674155)"; flow:established,from_client; content:"GET"; http_method; content:"/samesaaa/123/downloads/tjeajweeeh.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_30; reference:url, urlhaus.abuse.ch/url/2674155/; classtype:trojan-activity;sid:83537255; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2672273)"; flow:established,from_client; content:"GET"; http_method; content:"/u/0/uc|3f|id=1vi2wqh_zcpd3b6thl70mdflfywpajesa|7c|26|7c|export=download"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_06_26; reference:url, urlhaus.abuse.ch/url/2672273/; classtype:trojan-activity;sid:83535373; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2668530)"; flow:established,from_client; content:"GET"; http_method; content:"/frozenthrone1337/yeah/downloads/64.dll"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_21; reference:url, urlhaus.abuse.ch/url/2668530/; classtype:trojan-activity;sid:83531630; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2664821)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"129.122.98.12"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_17; reference:url, urlhaus.abuse.ch/url/2664821/; classtype:trojan-activity;sid:83527921; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2664165)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"27.71.59.7"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_06_16; reference:url, urlhaus.abuse.ch/url/2664165/; classtype:trojan-activity;sid:83527265; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2662089)"; flow:established,from_client; content:"GET"; http_method; content:"/worldofsoft1/soft/downloads/soft.rar"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2662089/; classtype:trojan-activity;sid:83525189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2662056)"; flow:established,from_client; content:"GET"; http_method; content:"/_framework/abc.client.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"pagamento.afya.com.br"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2662056/; classtype:trojan-activity;sid:83525156; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661661)"; flow:established,from_client; content:"GET"; http_method; content:"/arm7"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661661/; classtype:trojan-activity;sid:83524761; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661657)"; flow:established,from_client; content:"GET"; http_method; content:"/m68k"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661657/; classtype:trojan-activity;sid:83524757; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661658)"; flow:established,from_client; content:"GET"; http_method; content:"/mpsl"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661658/; classtype:trojan-activity;sid:83524758; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661659)"; flow:established,from_client; content:"GET"; http_method; content:"/arm6"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661659/; classtype:trojan-activity;sid:83524759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661660)"; flow:established,from_client; content:"GET"; http_method; content:"/mips"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661660/; classtype:trojan-activity;sid:83524760; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661653)"; flow:established,from_client; content:"GET"; http_method; content:"/arm"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661653/; classtype:trojan-activity;sid:83524753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661654)"; flow:established,from_client; content:"GET"; http_method; content:"/arm5"; http_uri; depth:5; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661654/; classtype:trojan-activity;sid:83524754; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661655)"; flow:established,from_client; content:"GET"; http_method; content:"/ppc"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661655/; classtype:trojan-activity;sid:83524755; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661656)"; flow:established,from_client; content:"GET"; http_method; content:"/sh4"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"217.114.43.149"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661656/; classtype:trojan-activity;sid:83524756; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2661553)"; flow:established,from_client; content:"GET"; http_method; content:"/apilogic2023/api/downloads/password_2022_installer.rar"; http_uri; depth:55; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_15; reference:url, urlhaus.abuse.ch/url/2661553/; classtype:trojan-activity;sid:83524653; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2658185)"; flow:established,from_client; content:"GET"; http_method; content:"/contore/update/downloads/password_2022_installer.rar"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_06_12; reference:url, urlhaus.abuse.ch/url/2658185/; classtype:trojan-activity;sid:83521285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2640781)"; flow:established,from_client; content:"GET"; http_method; content:"/public/f1.php"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"servisaludocupacional.pe"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2023_05_25; reference:url, urlhaus.abuse.ch/url/2640781/; classtype:trojan-activity;sid:83503881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2640280)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"98.14.183.227"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_05_24; reference:url, urlhaus.abuse.ch/url/2640280/; classtype:trojan-activity;sid:83503380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2637944)"; flow:established,from_client; content:"GET"; http_method; content:"/ldr.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"194.38.23.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_05_21; reference:url, urlhaus.abuse.ch/url/2637944/; classtype:trojan-activity;sid:83501044; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2636860)"; flow:established,from_client; content:"GET"; http_method; content:"/fdfffdfdd/sasa/downloads/crypted.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_05_19; reference:url, urlhaus.abuse.ch/url/2636860/; classtype:trojan-activity;sid:83499960; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2632406)"; flow:established,from_client; content:"GET"; http_method; content:"/myworkescxz/meyca/downloads/soft.rar"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_05_15; reference:url, urlhaus.abuse.ch/url/2632406/; classtype:trojan-activity;sid:83495506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2629977)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|confirm=t|7c|26|7c|id=145b1fbjtyee3w1rjsazo7hzcoiiaxzum|7c|26|7c|uuid=eb581596-9566-4a21-b3b6-e6909eb42ff6|7c|26|7c|at=akkf8vzrltviqrn7wljfjcwisgcc:1683793107077"; http_uri; depth:193; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_05_11; reference:url, urlhaus.abuse.ch/url/2629977/; classtype:trojan-activity;sid:83493077; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2621766)"; flow:established,from_client; content:"GET"; http_method; content:"/jwgo-software/software_good/downloads/svcpjuhbt.exe"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_05_01; reference:url, urlhaus.abuse.ch/url/2621766/; classtype:trojan-activity;sid:83484866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2618340)"; flow:established,from_client; content:"GET"; http_method; content:"/nxmr.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_04_26; reference:url, urlhaus.abuse.ch/url/2618340/; classtype:trojan-activity;sid:83481440; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615396)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.100.5.56"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615396/; classtype:trojan-activity;sid:83478496; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615316)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.34.177.78"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615316/; classtype:trojan-activity;sid:83478416; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615314)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"194.208.56.60"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615314/; classtype:trojan-activity;sid:83478414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615290)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.43.7.94"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615290/; classtype:trojan-activity;sid:83478390; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615287)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.49.47.190"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615287/; classtype:trojan-activity;sid:83478387; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615283)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"77.65.45.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615283/; classtype:trojan-activity;sid:83478383; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615280)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.93.41.223"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615280/; classtype:trojan-activity;sid:83478380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615268)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"197.210.197.185"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615268/; classtype:trojan-activity;sid:83478368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615266)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.166.220.109"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615266/; classtype:trojan-activity;sid:83478366; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615262)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"200.81.127.208"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615262/; classtype:trojan-activity;sid:83478362; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615260)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"195.22.237.98"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615260/; classtype:trojan-activity;sid:83478360; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615259)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"201.20.122.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615259/; classtype:trojan-activity;sid:83478359; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615258)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"124.153.20.102"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615258/; classtype:trojan-activity;sid:83478358; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615252)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.204.212.82"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615252/; classtype:trojan-activity;sid:83478352; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615246)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.127.90.14"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615246/; classtype:trojan-activity;sid:83478346; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615245)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.235.189.104"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615245/; classtype:trojan-activity;sid:83478345; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2615243)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.84.37.101"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_21; reference:url, urlhaus.abuse.ch/url/2615243/; classtype:trojan-activity;sid:83478343; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2612791)"; flow:established,from_client; content:"GET"; http_method; content:"/foxxlrep/repo/downloads/za.xlsx"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_18; reference:url, urlhaus.abuse.ch/url/2612791/; classtype:trojan-activity;sid:83475891; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2612792)"; flow:established,from_client; content:"GET"; http_method; content:"/foxxlrep/repo/downloads/zip.zip"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_18; reference:url, urlhaus.abuse.ch/url/2612792/; classtype:trojan-activity;sid:83475892; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2612790)"; flow:established,from_client; content:"GET"; http_method; content:"/foxxlrep/repo/downloads/newf.dotm"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_18; reference:url, urlhaus.abuse.ch/url/2612790/; classtype:trojan-activity;sid:83475890; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2604132)"; flow:established,from_client; content:"GET"; http_method; content:"/rpvpov0nqt/rpvpov0nqt/downloads/fortnite_hack.rar"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_10; reference:url, urlhaus.abuse.ch/url/2604132/; classtype:trojan-activity;sid:83467232; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2604131)"; flow:established,from_client; content:"GET"; http_method; content:"/rpvpov0nqt/rpvpov0nqt/downloads/roblox_doors_src.rar"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_10; reference:url, urlhaus.abuse.ch/url/2604131/; classtype:trojan-activity;sid:83467231; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2603691)"; flow:established,from_client; content:"GET"; http_method; content:"/rpvpov0nqt/rpvpov0nqt/downloads/new_kiddions.rar"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_09; reference:url, urlhaus.abuse.ch/url/2603691/; classtype:trojan-activity;sid:83466791; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2601085)"; flow:established,from_client; content:"GET"; http_method; content:"/softwarefiles/fulldownloadhere/downloads/main_setups_full_version.rar"; http_uri; depth:70; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_07; reference:url, urlhaus.abuse.ch/url/2601085/; classtype:trojan-activity;sid:83464185; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2598926)"; flow:established,from_client; content:"GET"; http_method; content:"/4afziyfqzm/afziyfqzm/downloads/new_kiddions.rar"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_05; reference:url, urlhaus.abuse.ch/url/2598926/; classtype:trojan-activity;sid:83462026; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2596500)"; flow:established,from_client; content:"GET"; http_method; content:"/rpoverka/zhopa/downloads/1bz7kfahvu.exe"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_04; reference:url, urlhaus.abuse.ch/url/2596500/; classtype:trojan-activity;sid:83459600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2596499)"; flow:established,from_client; content:"GET"; http_method; content:"/rpoverka/zhopa/downloads/systemupdate.exe"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_04_04; reference:url, urlhaus.abuse.ch/url/2596499/; classtype:trojan-activity;sid:83459599; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2582583)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.57.183.186"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_03_23; reference:url, urlhaus.abuse.ch/url/2582583/; classtype:trojan-activity;sid:83445683; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2581006)"; flow:established,from_client; content:"GET"; http_method; content:"/salatikochen/salatapps/archive/refs/heads/main.zip"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_03_22; reference:url, urlhaus.abuse.ch/url/2581006/; classtype:trojan-activity;sid:83444106; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2580812)"; flow:established,from_client; content:"GET"; http_method; content:"/download-aa/download_aaa/downloads/kiddions_mod_menu.rar"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_03_22; reference:url, urlhaus.abuse.ch/url/2580812/; classtype:trojan-activity;sid:83443912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2580185)"; flow:established,from_client; content:"GET"; http_method; content:"/forum/vjak1cx/"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"techniguitare.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2023_03_21; reference:url, urlhaus.abuse.ch/url/2580185/; classtype:trojan-activity;sid:83443285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2577714)"; flow:established,from_client; content:"GET"; http_method; content:"/neironner/app/downloads/appwesoft.rar"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_03_19; reference:url, urlhaus.abuse.ch/url/2577714/; classtype:trojan-activity;sid:83440814; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2572394)"; flow:established,from_client; content:"GET"; http_method; content:"/filial/agenzia_entrate.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"suakhoaketsattphcm.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2023_03_15; reference:url, urlhaus.abuse.ch/url/2572394/; classtype:trojan-activity;sid:83435494; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2572395)"; flow:established,from_client; content:"GET"; http_method; content:"/filial/azienda.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"suakhoaketsattphcm.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2023_03_15; reference:url, urlhaus.abuse.ch/url/2572395/; classtype:trojan-activity;sid:83435495; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2572392)"; flow:established,from_client; content:"GET"; http_method; content:"/filial/contratto.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"suakhoaketsattphcm.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2023_03_15; reference:url, urlhaus.abuse.ch/url/2572392/; classtype:trojan-activity;sid:83435492; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2572393)"; flow:established,from_client; content:"GET"; http_method; content:"/filial/direzione.zip"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"suakhoaketsattphcm.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2023_03_15; reference:url, urlhaus.abuse.ch/url/2572393/; classtype:trojan-activity;sid:83435493; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2572388)"; flow:established,from_client; content:"GET"; http_method; content:"/filial/cliente.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"suakhoaketsattphcm.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2023_03_15; reference:url, urlhaus.abuse.ch/url/2572388/; classtype:trojan-activity;sid:83435488; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2572389)"; flow:established,from_client; content:"GET"; http_method; content:"/filial/agenziaentrate.zip"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"suakhoaketsattphcm.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2023_03_15; reference:url, urlhaus.abuse.ch/url/2572389/; classtype:trojan-activity;sid:83435489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2572390)"; flow:established,from_client; content:"GET"; http_method; content:"/filial/marzo.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"suakhoaketsattphcm.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2023_03_15; reference:url, urlhaus.abuse.ch/url/2572390/; classtype:trojan-activity;sid:83435490; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2572391)"; flow:established,from_client; content:"GET"; http_method; content:"/filial/impresa.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"suakhoaketsattphcm.com"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2023_03_15; reference:url, urlhaus.abuse.ch/url/2572391/; classtype:trojan-activity;sid:83435491; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2568556)"; flow:established,from_client; content:"GET"; http_method; content:"/jhjhhjhjjhhj/regge/downloads/f%d0%bertnit%d0%b5_h%d0%a1.rar"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_03_13; reference:url, urlhaus.abuse.ch/url/2568556/; classtype:trojan-activity;sid:83431656; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2567740)"; flow:established,from_client; content:"GET"; http_method; content:"/aneex/gtavnew/downloads/kiddions_menu.rar"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_03_12; reference:url, urlhaus.abuse.ch/url/2567740/; classtype:trojan-activity;sid:83430840; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2566099)"; flow:established,from_client; content:"GET"; http_method; content:"/aneex/warzone_2.0_unlock_tool_aim_esp/downloads/warzone_2.0_unlock_tool_aim_esp.rar"; http_uri; depth:84; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_03_11; reference:url, urlhaus.abuse.ch/url/2566099/; classtype:trojan-activity;sid:83429199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2563159)"; flow:established,from_client; content:"GET"; http_method; content:"/u/1/uc|3f|id=1uq00qoghsvrdaayru6cjrd9pctx-dknv|7c|26|7c|export=download"; http_uri; depth:72; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_03_08; reference:url, urlhaus.abuse.ch/url/2563159/; classtype:trojan-activity;sid:83426259; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2562937)"; flow:established,from_client; content:"GET"; http_method; content:"/b512c9bf0b/rnlgmamvrrbyey3nzb/"; http_uri; depth:31; isdataat:!1,relative; nocase; content:"ns1.koleso.tc"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_03_08; reference:url, urlhaus.abuse.ch/url/2562937/; classtype:trojan-activity;sid:83426037; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2559185)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.240.7.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_03_05; reference:url, urlhaus.abuse.ch/url/2559185/; classtype:trojan-activity;sid:83422285; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2556466)"; flow:established,from_client; content:"GET"; http_method; content:"/zesoftwares/zesoft/downloads/zesoftapp.rar"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_03_03; reference:url, urlhaus.abuse.ch/url/2556466/; classtype:trojan-activity;sid:83419566; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2556232)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.240.7.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_03_03; reference:url, urlhaus.abuse.ch/url/2556232/; classtype:trojan-activity;sid:83419332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2555659)"; flow:established,from_client; content:"GET"; http_method; content:"/u/0/uc|3f|id=1prfxr7v6xwfvjnk9nlcnb5u0leqydzlg|7c|26|7c|export=download/|3f|q="; http_uri; depth:79; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2023_03_02; reference:url, urlhaus.abuse.ch/url/2555659/; classtype:trojan-activity;sid:83418759; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2554979)"; flow:established,from_client; content:"GET"; http_method; content:"/valentinomaseratti/symphitems/downloads/passw_items_applicationsetupfile14.1.rar"; http_uri; depth:81; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_03_02; reference:url, urlhaus.abuse.ch/url/2554979/; classtype:trojan-activity;sid:83418079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2554059)"; flow:established,from_client; content:"GET"; http_method; content:"/download-aa/download_aaa/downloads/fortnite_hack.rar"; http_uri; depth:53; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_03_01; reference:url, urlhaus.abuse.ch/url/2554059/; classtype:trojan-activity;sid:83417159; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2553981)"; flow:established,from_client; content:"GET"; http_method; content:"/shgz2/sghz3/downloads/fortnie_hack.rar"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_03_01; reference:url, urlhaus.abuse.ch/url/2553981/; classtype:trojan-activity;sid:83417081; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2551753)"; flow:established,from_client; content:"GET"; http_method; content:"/easy-s0ft/easys0ft/downloads/fortnite_hack.rar"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_27; reference:url, urlhaus.abuse.ch/url/2551753/; classtype:trojan-activity;sid:83414853; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2545788)"; flow:established,from_client; content:"GET"; http_method; content:"/tedburke/commandcam/archive/refs/heads/master.zip"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2023_02_20; reference:url, urlhaus.abuse.ch/url/2545788/; classtype:trojan-activity;sid:83408888; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2540038)"; flow:established,from_client; content:"GET"; http_method; content:"/shgz2/sghz3/downloads/kiddions_mod_menu.rar"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_14; reference:url, urlhaus.abuse.ch/url/2540038/; classtype:trojan-activity;sid:83403138; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2540034)"; flow:established,from_client; content:"GET"; http_method; content:"/unlockteame/unlimited/zip/refs/heads/main"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2023_02_14; reference:url, urlhaus.abuse.ch/url/2540034/; classtype:trojan-activity;sid:83403134; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2530828)"; flow:established,from_client; content:"GET"; http_method; content:"/pei.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_02_05; reference:url, urlhaus.abuse.ch/url/2530828/; classtype:trojan-activity;sid:83393928; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2524967)"; flow:established,from_client; content:"GET"; http_method; content:"/neonbatsv4/neonbats2/downloads/neonbatsloader.rar"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_01; reference:url, urlhaus.abuse.ch/url/2524967/; classtype:trojan-activity;sid:83388067; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2524963)"; flow:established,from_client; content:"GET"; http_method; content:"/adobeofficial/adobeofficiall/downloads/setup_en_x64.zip"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_02_01; reference:url, urlhaus.abuse.ch/url/2524963/; classtype:trojan-activity;sid:83388063; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2519785)"; flow:established,from_client; content:"GET"; http_method; content:"/2/ninja.exe"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"103.133.214.139"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_01_27; reference:url, urlhaus.abuse.ch/url/2519785/; classtype:trojan-activity;sid:83382885; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2517796)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1c6tgo9uoo-xxvvecmzzimumznzj34bpi"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2023_01_25; reference:url, urlhaus.abuse.ch/url/2517796/; classtype:trojan-activity;sid:83380896; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2517462)"; flow:established,from_client; content:"GET"; http_method; content:"/kb824105-x86-enu.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"microsecurityupdate.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2023_01_24; reference:url, urlhaus.abuse.ch/url/2517462/; classtype:trojan-activity;sid:83380562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2517268)"; flow:established,from_client; content:"GET"; http_method; content:"/2"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_01_24; reference:url, urlhaus.abuse.ch/url/2517268/; classtype:trojan-activity;sid:83380368; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2517269)"; flow:established,from_client; content:"GET"; http_method; content:"/4"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_01_24; reference:url, urlhaus.abuse.ch/url/2517269/; classtype:trojan-activity;sid:83380369; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2517271)"; flow:established,from_client; content:"GET"; http_method; content:"/3"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_01_24; reference:url, urlhaus.abuse.ch/url/2517271/; classtype:trojan-activity;sid:83380371; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2517272)"; flow:established,from_client; content:"GET"; http_method; content:"/pinf.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_01_24; reference:url, urlhaus.abuse.ch/url/2517272/; classtype:trojan-activity;sid:83380372; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2513702)"; flow:established,from_client; content:"GET"; http_method; content:"/3"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.215.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_01_20; reference:url, urlhaus.abuse.ch/url/2513702/; classtype:trojan-activity;sid:83376802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2513700)"; flow:established,from_client; content:"GET"; http_method; content:"/4"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.215.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_01_20; reference:url, urlhaus.abuse.ch/url/2513700/; classtype:trojan-activity;sid:83376800; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2513699)"; flow:established,from_client; content:"GET"; http_method; content:"/2"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"185.215.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2023_01_20; reference:url, urlhaus.abuse.ch/url/2513699/; classtype:trojan-activity;sid:83376799; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2496330)"; flow:established,from_client; content:"GET"; http_method; content:"/lucianoeasy1/whythefuckareutryingtotrackthishttpdebuggerlol/raw/67c59c70dfb800fa2bf21b3217e2485221c20428/fund.exe"; http_uri; depth:114; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2023_01_04; reference:url, urlhaus.abuse.ch/url/2496330/; classtype:trojan-activity;sid:83359430; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2478668)"; flow:established,from_client; content:"GET"; http_method; content:"/green/zxc/zas/dllf3.txt"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"91.213.50.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_12_21; reference:url, urlhaus.abuse.ch/url/2478668/; classtype:trojan-activity;sid:83341768; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2478669)"; flow:established,from_client; content:"GET"; http_method; content:"/green/rxwer/dllf3.txt"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"91.213.50.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_12_21; reference:url, urlhaus.abuse.ch/url/2478669/; classtype:trojan-activity;sid:83341769; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2478670)"; flow:established,from_client; content:"GET"; http_method; content:"/green/rx/f3dll.txt"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"91.213.50.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_12_21; reference:url, urlhaus.abuse.ch/url/2478670/; classtype:trojan-activity;sid:83341770; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2478671)"; flow:established,from_client; content:"GET"; http_method; content:"/green/rxwer/fepe.txt"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"91.213.50.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_12_21; reference:url, urlhaus.abuse.ch/url/2478671/; classtype:trojan-activity;sid:83341771; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2478672)"; flow:established,from_client; content:"GET"; http_method; content:"/green/zxc/zas/pef3.txt"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"91.213.50.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_12_21; reference:url, urlhaus.abuse.ch/url/2478672/; classtype:trojan-activity;sid:83341772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2478673)"; flow:established,from_client; content:"GET"; http_method; content:"/green/rx/f3pe.txt"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"91.213.50.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_12_21; reference:url, urlhaus.abuse.ch/url/2478673/; classtype:trojan-activity;sid:83341773; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2474098)"; flow:established,from_client; content:"GET"; http_method; content:"/cryps/qwers/masterxls/pef3new.txt"; http_uri; depth:34; isdataat:!1,relative; nocase; content:"91.213.50.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_12_20; reference:url, urlhaus.abuse.ch/url/2474098/; classtype:trojan-activity;sid:83337198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2474099)"; flow:established,from_client; content:"GET"; http_method; content:"/cryps/qwers/masterxls/dll.txt"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"91.213.50.74"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_12_20; reference:url, urlhaus.abuse.ch/url/2474099/; classtype:trojan-activity;sid:83337199; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2466408)"; flow:established,from_client; content:"GET"; http_method; content:"/sys.x86_64"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"194.38.23.2"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_12_16; reference:url, urlhaus.abuse.ch/url/2466408/; classtype:trojan-activity;sid:83329508; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2453522)"; flow:established,from_client; content:"GET"; http_method; content:"/wfwfwe2/2/downloads/softinstall.rar"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_12_10; reference:url, urlhaus.abuse.ch/url/2453522/; classtype:trojan-activity;sid:83316622; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2448650)"; flow:established,from_client; content:"GET"; http_method; content:"/x/3sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"113.106.167.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_12_06; reference:url, urlhaus.abuse.ch/url/2448650/; classtype:trojan-activity;sid:83311750; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2448651)"; flow:established,from_client; content:"GET"; http_method; content:"/x/1sh"; http_uri; depth:6; isdataat:!1,relative; nocase; content:"113.106.167.11"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_12_06; reference:url, urlhaus.abuse.ch/url/2448651/; classtype:trojan-activity;sid:83311751; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2445055)"; flow:established,from_client; content:"GET"; http_method; content:"/112download/browser/downloads/onionbrowser.rar"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_12_05; reference:url, urlhaus.abuse.ch/url/2445055/; classtype:trojan-activity;sid:83308155; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2444693)"; flow:established,from_client; content:"GET"; http_method; content:"/aneex/rust-aim-esp/downloads/rust_aimesp.rar"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_12_05; reference:url, urlhaus.abuse.ch/url/2444693/; classtype:trojan-activity;sid:83307793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2441528)"; flow:established,from_client; content:"GET"; http_method; content:"/aneex/kiddions_menu/downloads/kiddions_menu.rar"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_12_02; reference:url, urlhaus.abuse.ch/url/2441528/; classtype:trojan-activity;sid:83304628; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2441027)"; flow:established,from_client; content:"GET"; http_method; content:"/dl/idr/v3/pub/idrb5event.exe"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"update.itopvpn.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2022_12_01; reference:url, urlhaus.abuse.ch/url/2441027/; classtype:trojan-activity;sid:83304127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2440082)"; flow:established,from_client; content:"GET"; http_method; content:"/moom825/discord-rat-2.0/raw/master/discord%20rat/resources/token%20grabber.dll"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_11_30; reference:url, urlhaus.abuse.ch/url/2440082/; classtype:trojan-activity;sid:83303182; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2440081)"; flow:established,from_client; content:"GET"; http_method; content:"/moom825/discord-rat-2.0/raw/master/discord%20rat/resources/passwordstealer.dll"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_11_30; reference:url, urlhaus.abuse.ch/url/2440081/; classtype:trojan-activity;sid:83303181; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2439091)"; flow:established,from_client; content:"GET"; http_method; content:"/pavelalekseev11/346346/downloads/socks5-clean.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_11_30; reference:url, urlhaus.abuse.ch/url/2439091/; classtype:trojan-activity;sid:83302191; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2435505)"; flow:established,from_client; content:"GET"; http_method; content:"/aneex/gtaaaaa/downloads/kiddions_menu.rar"; http_uri; depth:42; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_11_28; reference:url, urlhaus.abuse.ch/url/2435505/; classtype:trojan-activity;sid:83298605; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2433701)"; flow:established,from_client; content:"GET"; http_method; content:"/slack-files/windows/downloads/siacksetupwin.iso"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_11_26; reference:url, urlhaus.abuse.ch/url/2433701/; classtype:trojan-activity;sid:83296801; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2433294)"; flow:established,from_client; content:"GET"; http_method; content:"/upd/loaderavx.exe"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"updates.ultimate-fakkers.co.network"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2022_11_26; reference:url, urlhaus.abuse.ch/url/2433294/; classtype:trojan-activity;sid:83296394; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2425972)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|confirm=no_antivirus|7c|26|7c|id=1cpaqimeblbmxrxoli6d3cczgkrbzpy8_"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2022_11_18; reference:url, urlhaus.abuse.ch/url/2425972/; classtype:trojan-activity;sid:83289072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2423598)"; flow:established,from_client; content:"GET"; http_method; content:"/twztl.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.215.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_11_17; reference:url, urlhaus.abuse.ch/url/2423598/; classtype:trojan-activity;sid:83286698; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2422299)"; flow:established,from_client; content:"GET"; http_method; content:"/abtc8mhlbehqil.exe"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"www.sunglassesninja.com"; http_host; depth:23; isdataat:!1,relative; metadata:created_at 2022_11_17; reference:url, urlhaus.abuse.ch/url/2422299/; classtype:trojan-activity;sid:83285399; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2414398)"; flow:established,from_client; content:"GET"; http_method; content:"/greeeengo/xcaseasd/downloads/%d0%a1s_g%d0%9e_ch%d0%90ng%d0%95r.rar"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_11_16; reference:url, urlhaus.abuse.ch/url/2414398/; classtype:trojan-activity;sid:83277498; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2414362)"; flow:established,from_client; content:"GET"; http_method; content:"/greeeengo/xcaseasd/downloads/sonic_frontiers_cracked.rar"; http_uri; depth:57; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_11_16; reference:url, urlhaus.abuse.ch/url/2414362/; classtype:trojan-activity;sid:83277462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2414361)"; flow:established,from_client; content:"GET"; http_method; content:"/greeeengo/xcaseasd/downloads/g%d0%bed_of_war_ragnar%d0%bek_cr%d0%b0%d1%81k.rar"; http_uri; depth:79; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_11_16; reference:url, urlhaus.abuse.ch/url/2414361/; classtype:trojan-activity;sid:83277461; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2414174)"; flow:established,from_client; content:"GET"; http_method; content:"/greeeengo/xcaseasd/downloads/5m_mod_menu.rar"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_11_16; reference:url, urlhaus.abuse.ch/url/2414174/; classtype:trojan-activity;sid:83277274; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2412427)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.91.54.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_11_15; reference:url, urlhaus.abuse.ch/url/2412427/; classtype:trojan-activity;sid:83275527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2408626)"; flow:established,from_client; content:"GET"; http_method; content:"/downcloud-load-ad/ads1022/downloads/afterburner.zip"; http_uri; depth:52; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_11_12; reference:url, urlhaus.abuse.ch/url/2408626/; classtype:trojan-activity;sid:83271726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2408069)"; flow:established,from_client; content:"GET"; http_method; content:"/analytics/zy5ntk/"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"fromthetrenchesworldreport.com"; http_host; depth:30; isdataat:!1,relative; metadata:created_at 2022_11_11; reference:url, urlhaus.abuse.ch/url/2408069/; classtype:trojan-activity;sid:83271169; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2406518)"; flow:established,from_client; content:"GET"; http_method; content:"/osaka123/mahoa1/downloads/suburbanskamacite.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"bitbucket.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_11_10; reference:url, urlhaus.abuse.ch/url/2406518/; classtype:trojan-activity;sid:83269618; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2403434)"; flow:established,from_client; content:"GET"; http_method; content:"/down/fw/fw.exe"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"tengfeidn.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_11_07; reference:url, urlhaus.abuse.ch/url/2403434/; classtype:trojan-activity;sid:83266534; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2314482)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"123.240.7.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_09_26; reference:url, urlhaus.abuse.ch/url/2314482/; classtype:trojan-activity;sid:83177582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2314465)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"123.240.7.168"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_09_26; reference:url, urlhaus.abuse.ch/url/2314465/; classtype:trojan-activity;sid:83177565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2312083)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.91.54.34"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_09_23; reference:url, urlhaus.abuse.ch/url/2312083/; classtype:trojan-activity;sid:83175183; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2309515)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"118.233.243.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_09_22; reference:url, urlhaus.abuse.ch/url/2309515/; classtype:trojan-activity;sid:83172615; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2309507)"; flow:established,from_client; content:"GET"; http_method; content:"/bin.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"118.233.243.14"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_09_22; reference:url, urlhaus.abuse.ch/url/2309507/; classtype:trojan-activity;sid:83172607; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2303232)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"92.81.131.98"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_09_15; reference:url, urlhaus.abuse.ch/url/2303232/; classtype:trojan-activity;sid:83166332; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2301947)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"5.201.176.87"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_09_13; reference:url, urlhaus.abuse.ch/url/2301947/; classtype:trojan-activity;sid:83165047; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2299649)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=166umzeeolcirtwvqvmwcselvekuk4ihn"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2022_09_11; reference:url, urlhaus.abuse.ch/url/2299649/; classtype:trojan-activity;sid:83162749; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2296313)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"2.180.9.57"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_09_07; reference:url, urlhaus.abuse.ch/url/2296313/; classtype:trojan-activity;sid:83159413; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2290030)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"91.92.188.72"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_09_02; reference:url, urlhaus.abuse.ch/url/2290030/; classtype:trojan-activity;sid:83153130; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2289762)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"49.174.82.174"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_09_02; reference:url, urlhaus.abuse.ch/url/2289762/; classtype:trojan-activity;sid:83152862; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2277626)"; flow:established,from_client; content:"GET"; http_method; content:"/f84nls2/plugins/cred.dll"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"185.215.113.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_08_25; reference:url, urlhaus.abuse.ch/url/2277626/; classtype:trojan-activity;sid:83140726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2276923)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.13.133.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_08_24; reference:url, urlhaus.abuse.ch/url/2276923/; classtype:trojan-activity;sid:83140023; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2274787)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_08_19; reference:url, urlhaus.abuse.ch/url/2274787/; classtype:trojan-activity;sid:83137887; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2274783)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.215.113.66"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_08_19; reference:url, urlhaus.abuse.ch/url/2274783/; classtype:trojan-activity;sid:83137883; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2271925)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"217.218.139.205"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_08_12; reference:url, urlhaus.abuse.ch/url/2271925/; classtype:trojan-activity;sid:83135025; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2267284)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.38.24.186"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_08_06; reference:url, urlhaus.abuse.ch/url/2267284/; classtype:trojan-activity;sid:83130384; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2263623)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"122.165.55.223"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_08_01; reference:url, urlhaus.abuse.ch/url/2263623/; classtype:trojan-activity;sid:83126723; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2261300)"; flow:established,from_client; content:"GET"; http_method; content:"/opencart/system/library/cache/.cache/loader.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"www.maxmoney.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2022_07_26; reference:url, urlhaus.abuse.ch/url/2261300/; classtype:trojan-activity;sid:83124400; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2260566)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"82.65.205.108"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_07_24; reference:url, urlhaus.abuse.ch/url/2260566/; classtype:trojan-activity;sid:83123666; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2258802)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.131.84.65"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_07_19; reference:url, urlhaus.abuse.ch/url/2258802/; classtype:trojan-activity;sid:83121902; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2256777)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"93.123.49.138"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_07_12; reference:url, urlhaus.abuse.ch/url/2256777/; classtype:trojan-activity;sid:83119877; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2255804)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.5.200.222"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_07_09; reference:url, urlhaus.abuse.ch/url/2255804/; classtype:trojan-activity;sid:83118904; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2255098)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.173.39.201"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_07_07; reference:url, urlhaus.abuse.ch/url/2255098/; classtype:trojan-activity;sid:83118198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2253976)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"145.255.30.170"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_07_04; reference:url, urlhaus.abuse.ch/url/2253976/; classtype:trojan-activity;sid:83117076; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2253022)"; flow:established,from_client; content:"GET"; http_method; content:"/lkb2dxj3/plugins/cred.dll"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"185.215.113.204"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_07_01; reference:url, urlhaus.abuse.ch/url/2253022/; classtype:trojan-activity;sid:83116122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2252729)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=11mi132ptx9rjlbgex4ep7qabji8v7urn"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_30; reference:url, urlhaus.abuse.ch/url/2252729/; classtype:trojan-activity;sid:83115829; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2252574)"; flow:established,from_client; content:"GET"; http_method; content:"/updates1/up.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"1717.1000uc.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_30; reference:url, urlhaus.abuse.ch/url/2252574/; classtype:trojan-activity;sid:83115674; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2247112)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"213.151.47.18"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_06_22; reference:url, urlhaus.abuse.ch/url/2247112/; classtype:trojan-activity;sid:83110212; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2246119)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"62.169.235.215"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_06_20; reference:url, urlhaus.abuse.ch/url/2246119/; classtype:trojan-activity;sid:83109219; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2237418)"; flow:established,from_client; content:"GET"; http_method; content:"/system/gbh/"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"airhobi.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_14; reference:url, urlhaus.abuse.ch/url/2237418/; classtype:trojan-activity;sid:83100518; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2233031)"; flow:established,from_client; content:"GET"; http_method; content:"/.l/pty4|3f|ddos"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"106.246.224.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_06_10; reference:url, urlhaus.abuse.ch/url/2233031/; classtype:trojan-activity;sid:83096131; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2232148)"; flow:established,from_client; content:"GET"; http_method; content:"/images/vaj7fuqye5y9.bak/"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"bruiserbodies.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2022_06_09; reference:url, urlhaus.abuse.ch/url/2232148/; classtype:trojan-activity;sid:83095248; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2230406)"; flow:established,from_client; content:"GET"; http_method; content:"/down/newsales/adm_atu.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"palharesinformatica.com.br"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2022_06_08; reference:url, urlhaus.abuse.ch/url/2230406/; classtype:trojan-activity;sid:83093506; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2227709)"; flow:established,from_client; content:"GET"; http_method; content:"/img/rm0xpx/"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"jobcity.com"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_06_06; reference:url, urlhaus.abuse.ch/url/2227709/; classtype:trojan-activity;sid:83090809; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2211781)"; flow:established,from_client; content:"GET"; http_method; content:"/accesorios/xqp/"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"tecni-soft.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_05_26; reference:url, urlhaus.abuse.ch/url/2211781/; classtype:trojan-activity;sid:83074881; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2204168)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"118.233.242.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_05_20; reference:url, urlhaus.abuse.ch/url/2204168/; classtype:trojan-activity;sid:83067268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2192744)"; flow:established,from_client; content:"GET"; http_method; content:"/crt/xe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"pns.org.pk"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_05_13; reference:url, urlhaus.abuse.ch/url/2192744/; classtype:trojan-activity;sid:83055844; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2191248)"; flow:established,from_client; content:"GET"; http_method; content:"/application/phebceg4tx/"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"www.ingonherbal.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2022_05_12; reference:url, urlhaus.abuse.ch/url/2191248/; classtype:trojan-activity;sid:83054348; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2186950)"; flow:established,from_client; content:"GET"; http_method; content:"/photoback"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"compan.oss-cn-hongkong.aliyuncs.com"; http_host; depth:35; isdataat:!1,relative; metadata:created_at 2022_05_09; reference:url, urlhaus.abuse.ch/url/2186950/; classtype:trojan-activity;sid:83050050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2166349)"; flow:established,from_client; content:"GET"; http_method; content:"/v1/uploads/g5qmc5xvlj/"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"103.85.95.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_04_26; reference:url, urlhaus.abuse.ch/url/2166349/; classtype:trojan-activity;sid:83029449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2160307)"; flow:established,from_client; content:"GET"; http_method; content:"/dos/gaa/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"famesa.com.ar"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_04_22; reference:url, urlhaus.abuse.ch/url/2160307/; classtype:trojan-activity;sid:83023407; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2160004)"; flow:established,from_client; content:"GET"; http_method; content:"/dos/gaa/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"famesa.com.ar"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_04_22; reference:url, urlhaus.abuse.ch/url/2160004/; classtype:trojan-activity;sid:83023104; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2150451)"; flow:established,from_client; content:"GET"; http_method; content:"/.vi"; http_uri; depth:4; isdataat:!1,relative; nocase; content:"185.216.133.16"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_04_16; reference:url, urlhaus.abuse.ch/url/2150451/; classtype:trojan-activity;sid:83013551; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2134110)"; flow:established,from_client; content:"GET"; http_method; content:"/0011b9cd240249c3aeb520ea1205eaf1.jpg"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"zhengxinpeixun.oss-cn-qingdao.aliyuncs.com"; http_host; depth:42; isdataat:!1,relative; metadata:created_at 2022_04_06; reference:url, urlhaus.abuse.ch/url/2134110/; classtype:trojan-activity;sid:82997210; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2126325)"; flow:established,from_client; content:"GET"; http_method; content:"/paginamasvieja1321654/vxbzo/"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"sd-1684625-h00001.ferozo.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2022_04_01; reference:url, urlhaus.abuse.ch/url/2126325/; classtype:trojan-activity;sid:82989425; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2124302)"; flow:established,from_client; content:"GET"; http_method; content:"/xmrig/xmrig/releases/download/v6.10.0/xmrig-6.10.0-linux-static-x64.tar.gz"; http_uri; depth:75; isdataat:!1,relative; nocase; content:"github.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2022_03_31; reference:url, urlhaus.abuse.ch/url/2124302/; classtype:trojan-activity;sid:82987402; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2123445)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-content/yq7iksjiep9r/"; http_uri; depth:25; isdataat:!1,relative; nocase; content:"sd-1093121-h00002.ferozo.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2022_03_30; reference:url, urlhaus.abuse.ch/url/2123445/; classtype:trojan-activity;sid:82986545; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2120576)"; flow:established,from_client; content:"GET"; http_method; content:"/64prpldhbugztyb2zl/xjvfxpux7xeopwtqsq2/|3f|i=1"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"www.chemsky.tn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_03_29; reference:url, urlhaus.abuse.ch/url/2120576/; classtype:trojan-activity;sid:82983676; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2120577)"; flow:established,from_client; content:"GET"; http_method; content:"/64prpldhbugztyb2zl/xjvfxpux7xeopwtqsq2/"; http_uri; depth:40; isdataat:!1,relative; nocase; content:"www.chemsky.tn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_03_29; reference:url, urlhaus.abuse.ch/url/2120577/; classtype:trojan-activity;sid:82983677; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2114972)"; flow:established,from_client; content:"GET"; http_method; content:"/paginamasvieja1321654/f1m5dbu8axuqkx0p8/"; http_uri; depth:41; isdataat:!1,relative; nocase; content:"sd-1684625-h00001.ferozo.net"; http_host; depth:28; isdataat:!1,relative; metadata:created_at 2022_03_25; reference:url, urlhaus.abuse.ch/url/2114972/; classtype:trojan-activity;sid:82978072; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2113865)"; flow:established,from_client; content:"GET"; http_method; content:"/.l/pty3|3f|ddos"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"106.246.224.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_03_24; reference:url, urlhaus.abuse.ch/url/2113865/; classtype:trojan-activity;sid:82976965; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2109541)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/23"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"182.52.51.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_03_21; reference:url, urlhaus.abuse.ch/url/2109541/; classtype:trojan-activity;sid:82972641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2109542)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/23s"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"182.52.51.239"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_03_21; reference:url, urlhaus.abuse.ch/url/2109542/; classtype:trojan-activity;sid:82972642; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2087702)"; flow:established,from_client; content:"GET"; http_method; content:"/v1/uploads/87dtpaezulsccon/"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"103.85.95.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2022_03_10; reference:url, urlhaus.abuse.ch/url/2087702/; classtype:trojan-activity;sid:82950802; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2086600)"; flow:established,from_client; content:"GET"; http_method; content:"/logfiles/u2o/"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"89.25.223.211"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_03_09; reference:url, urlhaus.abuse.ch/url/2086600/; classtype:trojan-activity;sid:82949700; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2086476)"; flow:established,from_client; content:"GET"; http_method; content:"/.l/pty4"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"106.246.224.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_03_09; reference:url, urlhaus.abuse.ch/url/2086476/; classtype:trojan-activity;sid:82949576; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2086449)"; flow:established,from_client; content:"GET"; http_method; content:"/.l/pty3"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"106.246.224.219"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2022_03_09; reference:url, urlhaus.abuse.ch/url/2086449/; classtype:trojan-activity;sid:82949549; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2086235)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1gvnzexvvs3vpv0-ihflwnmzmhij3qqly"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2022_03_09; reference:url, urlhaus.abuse.ch/url/2086235/; classtype:trojan-activity;sid:82949335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2058500)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"219.89.121.234"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_02_24; reference:url, urlhaus.abuse.ch/url/2058500/; classtype:trojan-activity;sid:82921600; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2051389)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"49.142.114.242"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_02_21; reference:url, urlhaus.abuse.ch/url/2051389/; classtype:trojan-activity;sid:82914489; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2048755)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"37.34.209.216"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_02_19; reference:url, urlhaus.abuse.ch/url/2048755/; classtype:trojan-activity;sid:82911855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2047314)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"78.188.27.225"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_02_18; reference:url, urlhaus.abuse.ch/url/2047314/; classtype:trojan-activity;sid:82910414; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2043048)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.231.226.35"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_02_14; reference:url, urlhaus.abuse.ch/url/2043048/; classtype:trojan-activity;sid:82906148; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (2003780)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.92.28.89"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2022_01_24; reference:url, urlhaus.abuse.ch/url/2003780/; classtype:trojan-activity;sid:82866880; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1997331)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"88.100.255.247"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_22; reference:url, urlhaus.abuse.ch/url/1997331/; classtype:trojan-activity;sid:82860431; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1996626)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.92.181.49"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_21; reference:url, urlhaus.abuse.ch/url/1996626/; classtype:trojan-activity;sid:82859726; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1988943)"; flow:established,from_client; content:"GET"; http_method; content:"/ldr.sh|3f|le0943_http"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"194.145.227.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_19; reference:url, urlhaus.abuse.ch/url/1988943/; classtype:trojan-activity;sid:82852043; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1978480)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"84.22.136.158"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2022_01_15; reference:url, urlhaus.abuse.ch/url/1978480/; classtype:trojan-activity;sid:82841580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1961882)"; flow:established,from_client; content:"GET"; http_method; content:"/peinf.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"185.215.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_10; reference:url, urlhaus.abuse.ch/url/1961882/; classtype:trojan-activity;sid:82824982; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1960874)"; flow:established,from_client; content:"GET"; http_method; content:"/tpeinf.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"185.215.113.84"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2022_01_09; reference:url, urlhaus.abuse.ch/url/1960874/; classtype:trojan-activity;sid:82823974; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1930832)"; flow:established,from_client; content:"GET"; http_method; content:"/includes/tax%20invoice.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"canconsulting.in"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_12_29; reference:url, urlhaus.abuse.ch/url/1930832/; classtype:trojan-activity;sid:82793932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1925806)"; flow:established,from_client; content:"GET"; http_method; content:"/oracle/$77_loader.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"5.133.65.53"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2021_12_27; reference:url, urlhaus.abuse.ch/url/1925806/; classtype:trojan-activity;sid:82788906; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1918089)"; flow:established,from_client; content:"GET"; http_method; content:"/axe/dkfsgf2m/"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"british-shorthair.es"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2021_12_24; reference:url, urlhaus.abuse.ch/url/1918089/; classtype:trojan-activity;sid:82781189; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1915732)"; flow:established,from_client; content:"GET"; http_method; content:"/5w/%e4%ba%94%e5%91%b3%e4%bc%a0%e5%a5%87.exe"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"xz888.oss-cn-hangzhou.aliyuncs.com"; http_host; depth:34; isdataat:!1,relative; metadata:created_at 2021_12_24; reference:url, urlhaus.abuse.ch/url/1915732/; classtype:trojan-activity;sid:82778832; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1915365)"; flow:established,from_client; content:"GET"; http_method; content:"/5j1ae/apmyyqsc6q3p5y/"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"aosafrica.co.za"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_12_23; reference:url, urlhaus.abuse.ch/url/1915365/; classtype:trojan-activity;sid:82778465; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1913722)"; flow:established,from_client; content:"GET"; http_method; content:"/axe/twl/"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"british-shorthair.es"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2021_12_23; reference:url, urlhaus.abuse.ch/url/1913722/; classtype:trojan-activity;sid:82776822; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1901636)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"88.247.222.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_20; reference:url, urlhaus.abuse.ch/url/1901636/; classtype:trojan-activity;sid:82764736; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1887133)"; flow:established,from_client; content:"GET"; http_method; content:"/autokey/update/autokey.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"api.52kkg.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_12_15; reference:url, urlhaus.abuse.ch/url/1887133/; classtype:trojan-activity;sid:82750233; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1866071)"; flow:established,from_client; content:"GET"; http_method; content:"/jsasynci/89205643570.xlsb"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"server.easysalepage.in.th"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2021_12_08; reference:url, urlhaus.abuse.ch/url/1866071/; classtype:trojan-activity;sid:82729171; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1860169)"; flow:established,from_client; content:"GET"; http_method; content:"/images/eqrkn0krsn2nbhkpbe4fw0x/"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"www.tradeinsights.net"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2021_12_06; reference:url, urlhaus.abuse.ch/url/1860169/; classtype:trojan-activity;sid:82723269; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1761107)"; flow:established,from_client; content:"GET"; http_method; content:"/svr_netchecker/server.asp|3f|v_command=3002|7c|26|7c|v_progname=sjptmanagerlauncher.exe"; http_uri; depth:88; isdataat:!1,relative; nocase; content:"server.toeicswt.co.kr"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2021_11_07; reference:url, urlhaus.abuse.ch/url/1761107/; classtype:trojan-activity;sid:82624207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1742168)"; flow:established,from_client; content:"GET"; http_method; content:"/stud06_lssntjjcp10.bin"; http_uri; depth:23; isdataat:!1,relative; nocase; content:"www.alertsecurities.in"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2021_11_03; reference:url, urlhaus.abuse.ch/url/1742168/; classtype:trojan-activity;sid:82605268; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1666548)"; flow:established,from_client; content:"GET"; http_method; content:"/setup/%e5%88%9d%e5%a6%86%e5%8a%a9%e6%89%8b.exe"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"static.cz01.cn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_10_11; reference:url, urlhaus.abuse.ch/url/1666548/; classtype:trojan-activity;sid:82529648; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1657096)"; flow:established,from_client; content:"GET"; http_method; content:"/update/ana/update.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"www.teknoarge.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_10_06; reference:url, urlhaus.abuse.ch/url/1657096/; classtype:trojan-activity;sid:82520196; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1653848)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/23s"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"101.51.121.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_10_04; reference:url, urlhaus.abuse.ch/url/1653848/; classtype:trojan-activity;sid:82516948; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1653849)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/23"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"101.51.121.206"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_10_04; reference:url, urlhaus.abuse.ch/url/1653849/; classtype:trojan-activity;sid:82516949; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1649864)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ueditor/lang/zh-cn/images/horn.php"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"dl.9xu.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_10_01; reference:url, urlhaus.abuse.ch/url/1649864/; classtype:trojan-activity;sid:82512964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1649854)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ueditor/lang/zh-cn/images/mug.php"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"dl.9xu.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_10_01; reference:url, urlhaus.abuse.ch/url/1649854/; classtype:trojan-activity;sid:82512954; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1649856)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ueditor/lang/zh-cn/images/inverting.php"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"dl.9xu.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_10_01; reference:url, urlhaus.abuse.ch/url/1649856/; classtype:trojan-activity;sid:82512956; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1649857)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ueditor/lang/zh-cn/images/apportion.php"; http_uri; depth:43; isdataat:!1,relative; nocase; content:"dl.9xu.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_10_01; reference:url, urlhaus.abuse.ch/url/1649857/; classtype:trojan-activity;sid:82512957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1649842)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ueditor/lang/zh-cn/images/subdivider.php"; http_uri; depth:44; isdataat:!1,relative; nocase; content:"dl.9xu.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_10_01; reference:url, urlhaus.abuse.ch/url/1649842/; classtype:trojan-activity;sid:82512942; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1649843)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ueditor/lang/zh-cn/images/streamlined.php"; http_uri; depth:45; isdataat:!1,relative; nocase; content:"dl.9xu.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_10_01; reference:url, urlhaus.abuse.ch/url/1649843/; classtype:trojan-activity;sid:82512943; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1649844)"; flow:established,from_client; content:"GET"; http_method; content:"/js/ueditor/lang/zh-cn/images/superstitions.php"; http_uri; depth:47; isdataat:!1,relative; nocase; content:"dl.9xu.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2021_10_01; reference:url, urlhaus.abuse.ch/url/1649844/; classtype:trojan-activity;sid:82512944; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1647561)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=12ma_yvbmprts6e_vkfnmwikrnwsarqbw"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_09_29; reference:url, urlhaus.abuse.ch/url/1647561/; classtype:trojan-activity;sid:82510661; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1624890)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1o9jg3oqyewncoptigwscdbtfmvtfqygj"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_09_16; reference:url, urlhaus.abuse.ch/url/1624890/; classtype:trojan-activity;sid:82487990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1560761)"; flow:established,from_client; content:"GET"; http_method; content:"/downloads/safmanager/safman_setup.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"www.saf-oil.ru"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_08_24; reference:url, urlhaus.abuse.ch/url/1560761/; classtype:trojan-activity;sid:82423861; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1545093)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"219.68.245.35"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_08_19; reference:url, urlhaus.abuse.ch/url/1545093/; classtype:trojan-activity;sid:82408193; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1539372)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"176.120.211.83"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_08_16; reference:url, urlhaus.abuse.ch/url/1539372/; classtype:trojan-activity;sid:82402472; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1514098)"; flow:established,from_client; content:"GET"; http_method; content:"/zxcvb.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"lastimaners.ug"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_08_07; reference:url, urlhaus.abuse.ch/url/1514098/; classtype:trojan-activity;sid:82377198; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1506064)"; flow:established,from_client; content:"GET"; http_method; content:"/ortakmodul/nbys%20asm.net.exe"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"files5.uludagbilisim.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2021_08_04; reference:url, urlhaus.abuse.ch/url/1506064/; classtype:trojan-activity;sid:82369164; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1506027)"; flow:established,from_client; content:"GET"; http_method; content:"/nbys.aspx|3f|f=aile_hekimligi/nbys%20ah.net.exe"; http_uri; depth:48; isdataat:!1,relative; nocase; content:"files5.uludagbilisim.com"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2021_08_04; reference:url, urlhaus.abuse.ch/url/1506027/; classtype:trojan-activity;sid:82369127; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1497688)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.164.200.170"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_08_01; reference:url, urlhaus.abuse.ch/url/1497688/; classtype:trojan-activity;sid:82360788; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1469946)"; flow:established,from_client; content:"GET"; http_method; content:"/hajime"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"103.125.163.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_07_21; reference:url, urlhaus.abuse.ch/url/1469946/; classtype:trojan-activity;sid:82333046; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1434520)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"182.253.205.235"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_07_07; reference:url, urlhaus.abuse.ch/url/1434520/; classtype:trojan-activity;sid:82297620; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1422022)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1n8_s6gijerearczwh74blkygodig64eo"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_07_03; reference:url, urlhaus.abuse.ch/url/1422022/; classtype:trojan-activity;sid:82285122; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1422010)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1yfqtugahqhqrulwugdekeavffktsl8ci"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_07_03; reference:url, urlhaus.abuse.ch/url/1422010/; classtype:trojan-activity;sid:82285110; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1402229)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.230.153.181"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_26; reference:url, urlhaus.abuse.ch/url/1402229/; classtype:trojan-activity;sid:82265329; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1393270)"; flow:established,from_client; content:"GET"; http_method; content:"/downfile.asp|3f|sid=276663/"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"www.ysbaojia.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_24; reference:url, urlhaus.abuse.ch/url/1393270/; classtype:trojan-activity;sid:82256370; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1391235)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1sbd1rnw8luztjmsh6gdlzupvyupbopa0|7c|26|7c|revid=0b3yyjts_woklr2vnyxvqohlidxbxn1l2wwjntxfnwvi5v0h3pq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_23; reference:url, urlhaus.abuse.ch/url/1391235/; classtype:trojan-activity;sid:82254335; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1378480)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ctmywlj5wouiug1wgizy3ke7yj1u0yor|7c|26|7c|revid=0b_t0-zked1mgagxwmxcwywq5q0q1uk1uoxcwaup6l2ovmtdjpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_19; reference:url, urlhaus.abuse.ch/url/1378480/; classtype:trojan-activity;sid:82241580; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1372338)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1alq8r5tnr6wwiftqa3l6d9fymv7y0g9m"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_17; reference:url, urlhaus.abuse.ch/url/1372338/; classtype:trojan-activity;sid:82235438; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1352974)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"103.125.163.10"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_06_11; reference:url, urlhaus.abuse.ch/url/1352974/; classtype:trojan-activity;sid:82216074; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1350517)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1tilqozot07vylvdmmsfs7ia452jwhktj|7c|26|7c|revid=0b7gsmqzks4xkcdjcwhuvatj2qvlvchnmnnovu2ldzstek2jzpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_06_10; reference:url, urlhaus.abuse.ch/url/1350517/; classtype:trojan-activity;sid:82213617; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1348672)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1etpmpb2shvuny5dxj5awfpxklxqpbzgx"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_10; reference:url, urlhaus.abuse.ch/url/1348672/; classtype:trojan-activity;sid:82211772; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1331376)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1b6t1mjnjcvndcy-mdqq0neqrbocqyju4"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_06; reference:url, urlhaus.abuse.ch/url/1331376/; classtype:trojan-activity;sid:82194476; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1327898)"; flow:established,from_client; content:"GET"; http_method; content:"/inst77player/inst77player_1.0.0.1.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"softdl.360tpcdn.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2021_06_05; reference:url, urlhaus.abuse.ch/url/1327898/; classtype:trojan-activity;sid:82190998; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1319550)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1pr2l1wfpwhfzln-sq93bb9xwfqtrwezu"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_03; reference:url, urlhaus.abuse.ch/url/1319550/; classtype:trojan-activity;sid:82182650; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1319551)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1nw1gmzg6lwtuhs0tte969xcfpp9_dc5q"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_06_03; reference:url, urlhaus.abuse.ch/url/1319551/; classtype:trojan-activity;sid:82182651; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1283230)"; flow:established,from_client; content:"GET"; http_method; content:"/soft/xzgj/3839/%e6%85%95%e8%af%be%e7%bd%91%e8%a7%86%e9%a2%91%e8%a7%a3%e6%9e%90%e5%b7%a5%e5%85%b7_2015.exe"; http_uri; depth:106; isdataat:!1,relative; nocase; content:"d1.udashi.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_25; reference:url, urlhaus.abuse.ch/url/1283230/; classtype:trojan-activity;sid:82146330; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1283209)"; flow:established,from_client; content:"GET"; http_method; content:"/soft/bgrj/5694/%e5%88%9b%e8%be%89%e4%bc%81%e4%b8%9a%e5%90%8d%e5%bd%95%e4%bf%a1%e6%81%af%e6%90%9c%e7%b4%a2%e8%bd%af%e4%bb%b6.exe"; http_uri; depth:128; isdataat:!1,relative; nocase; content:"d1.udashi.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_25; reference:url, urlhaus.abuse.ch/url/1283209/; classtype:trojan-activity;sid:82146309; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1283183)"; flow:established,from_client; content:"GET"; http_method; content:"/soft/aqsd/5084/%e5%a4%a9%e9%99%8d%e6%bf%80%e5%85%89%e7%82%ae-%e5%9b%be%e5%83%8f%e7%95%8c%e9%9d%a2%e7%89%88.exe"; http_uri; depth:111; isdataat:!1,relative; nocase; content:"d1.udashi.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_25; reference:url, urlhaus.abuse.ch/url/1283183/; classtype:trojan-activity;sid:82146283; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1268362)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"213.243.216.3"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2021_05_22; reference:url, urlhaus.abuse.ch/url/1268362/; classtype:trojan-activity;sid:82131462; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1237693)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1z7qhwcozjwehksdhw-yuivac2jzwjqia"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_05_15; reference:url, urlhaus.abuse.ch/url/1237693/; classtype:trojan-activity;sid:82100793; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1237690)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1m8jszvq-ztfrul7vgsb6q-n3ftgnkbdj|7c|26|7c|revid=0bxrhybf9__wnmgjlnmxmunzznlu0v204azc4edmzcep6a0hzpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_15; reference:url, urlhaus.abuse.ch/url/1237690/; classtype:trojan-activity;sid:82100790; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1233306)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1gv_nk9llqw4fxudo-khja7nuuj1kevvw|7c|26|7c|revid=0b7zefp-g6n7vm0zhowo4be9pvus4mmh0ymxvd3r6zlu3ylznpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_14; reference:url, urlhaus.abuse.ch/url/1233306/; classtype:trojan-activity;sid:82096406; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1228961)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|id=1a7jwdzayvxw_d3cgv_n7tjf4sty3ufor|7c|26|7c|export=download"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_05_13; reference:url, urlhaus.abuse.ch/url/1228961/; classtype:trojan-activity;sid:82092061; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1228819)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=140vkyfrfhbqkukc2hnw-gsvi5wjw6iyi"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_13; reference:url, urlhaus.abuse.ch/url/1228819/; classtype:trojan-activity;sid:82091919; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1227129)"; flow:established,from_client; content:"GET"; http_method; content:"/setup/%e9%a3%9e%e8%9b%be%e5%b7%a5%e5%85%b7%e7%ae%b1.exe"; http_uri; depth:56; isdataat:!1,relative; nocase; content:"static.cz01.cn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_12; reference:url, urlhaus.abuse.ch/url/1227129/; classtype:trojan-activity;sid:82090229; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1223122)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"218.38.241.103"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_05_12; reference:url, urlhaus.abuse.ch/url/1223122/; classtype:trojan-activity;sid:82086222; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1220349)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1h_dyp_d5lst4akyf2qezxl7j1scvbtvs|7c|26|7c|revid=0b5thckui5i0mdk5moelbnm9vuhnydvjnvwpyq01vrg5xvwhrpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_05_11; reference:url, urlhaus.abuse.ch/url/1220349/; classtype:trojan-activity;sid:82083449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1199812)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1uygnpwzzyzn2rodsrimg0-sloxy_letg"; http_uri; depth:68; isdataat:!1,relative; nocase; content:"drive.google.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_05_06; reference:url, urlhaus.abuse.ch/url/1199812/; classtype:trojan-activity;sid:82062912; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1184754)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1ygn4gkmy9musdp_lgnpyjjh6rskt39vp|7c|26|7c|revid=0b8rbgp2bpeofmk5ta3n3mgjtefbzdevwtk5wwhpjd3yruejjpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_04_30; reference:url, urlhaus.abuse.ch/url/1184754/; classtype:trojan-activity;sid:82047854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1181763)"; flow:established,from_client; content:"GET"; http_method; content:"/upload_control/download.blog|3f|fhandle=mep5euraznm5lmjsb2cuzgf1bs5uzxq6l0lnqudflzavns5legu=|7c|26|7c|filename=%ec%9d%b8%ed%84%b0%eb%84%b7_%ec%a2%85%eb%9f%89%ec%a0%9c_%ed%85%8c%ec%8a%a4%ed%8a%b8.exe"; http_uri; depth:199; isdataat:!1,relative; nocase; content:"cfs9.blog.daum.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2021_04_29; reference:url, urlhaus.abuse.ch/url/1181763/; classtype:trojan-activity;sid:82044863; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1181758)"; flow:established,from_client; content:"GET"; http_method; content:"/upload_control/download.blog|3f|fhandle=ymxvzze5mtk5nubmczezlnrpc3rvcnkuy29toi9hdhrhy2gvmc8xnzawmdawmdawmdauzxhl|7c|26|7c|filename=oleaut32.dll%bf%c0%b7%f9%c7%d8%b0%e1%c7%cf%b1%e2.exe"; http_uri; depth:184; isdataat:!1,relative; nocase; content:"cfs13.tistory.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_04_29; reference:url, urlhaus.abuse.ch/url/1181758/; classtype:trojan-activity;sid:82044858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1181756)"; flow:established,from_client; content:"GET"; http_method; content:"/upload_control/download.blog|3f|fhandle=mdczafhaznmxmc5ibg9nlmrhdw0ubmv0oi9jtufhrs8wlzkwlmv4zq==|7c|26|7c|filename=xp_sp3_%ed%85%8c%eb%a7%88%ed%8c%a8%ec%b9%98.exe"; http_uri; depth:163; isdataat:!1,relative; nocase; content:"cfs10.blog.daum.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2021_04_29; reference:url, urlhaus.abuse.ch/url/1181756/; classtype:trojan-activity;sid:82044856; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1181754)"; flow:established,from_client; content:"GET"; http_method; content:"/upload_control/download.blog|3f|fhandle=ymxvzze5mtk5nubmczezlnrpc3rvcnkuy29toi9hdhrhy2gvmc8xnzawmdawmdawmdauzxhl|7c|26|7c|filename=oleaut32.dll%ef%bf%bd%ef%bf%bd%ef%bf%bd%ef%bf%bd%ef%bf%bd%d8%b0%ef%bf%bd%ef%bf%bd%cf%b1%ef%bf%bd.exe"; http_uri; depth:232; isdataat:!1,relative; nocase; content:"cfs13.tistory.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2021_04_29; reference:url, urlhaus.abuse.ch/url/1181754/; classtype:trojan-activity;sid:82044854; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1181755)"; flow:established,from_client; content:"GET"; http_method; content:"/upload_control/download.blog|3f|fhandle=metnwe5aznm3lmjsb2cuzgf1bs5uzxq6l0lnqudflzavmc5legu=|7c|26|7c|filename=%ec%9d%b8%ed%84%b0%eb%84%b7_%ec%a2%85%eb%9f%89%ec%a0%9c_%ed%85%8c%ec%8a%a4%ed%8a%b8-cksal16.exe/%ec%9d%b8%ed%84%b0%eb%84%b7_%ec%a2%85%eb%9f%89%ec%a0%9c_%ed%85%8c%ec%8a%a4%ed%8a%b8-cksal16.exe"; http_uri; depth:303; isdataat:!1,relative; nocase; content:"cfs7.blog.daum.net"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2021_04_29; reference:url, urlhaus.abuse.ch/url/1181755/; classtype:trojan-activity;sid:82044855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1167210)"; flow:established,from_client; content:"GET"; http_method; content:"/ldr.sh"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"194.145.227.21"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2021_04_25; reference:url, urlhaus.abuse.ch/url/1167210/; classtype:trojan-activity;sid:82030310; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1152444)"; flow:established,from_client; content:"GET"; http_method; content:"/uc|3f|export=download|7c|26|7c|id=1jpl-uouydm5hypqm67uokyddrblbpxvw|7c|26|7c|revid=0b7zpiprmoc5ubhpwclq0cxdyte5vwtrbymnidznhtgm3bzvrpq"; http_uri; depth:135; isdataat:!1,relative; nocase; content:"docs.google.com"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2021_04_22; reference:url, urlhaus.abuse.ch/url/1152444/; classtype:trojan-activity;sid:82015544; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1090482)"; flow:established,from_client; content:"GET"; http_method; content:"/r6x7x6rf.zip"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"travelwithmanta.co.za"; http_host; depth:21; isdataat:!1,relative; metadata:created_at 2021_03_25; reference:url, urlhaus.abuse.ch/url/1090482/; classtype:trojan-activity;sid:81953582; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1068684)"; flow:established,from_client; content:"GET"; http_method; content:"/njtzac0.tar"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"mysura.it"; http_host; depth:9; isdataat:!1,relative; metadata:created_at 2021_03_15; reference:url, urlhaus.abuse.ch/url/1068684/; classtype:trojan-activity;sid:81931784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1061608)"; flow:established,from_client; content:"GET"; http_method; content:"/dos/nemesy13.zip"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"dl.packetstormsecurity.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2021_03_11; reference:url, urlhaus.abuse.ch/url/1061608/; classtype:trojan-activity;sid:81924708; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1059666)"; flow:established,from_client; content:"GET"; http_method; content:"/z4voa7.rar"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"e-commerce.saleensuporte.com.br"; http_host; depth:31; isdataat:!1,relative; metadata:created_at 2021_03_10; reference:url, urlhaus.abuse.ch/url/1059666/; classtype:trojan-activity;sid:81922766; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1040097)"; flow:established,from_client; content:"GET"; http_method; content:"/rpez546n.rar"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"test.typoten.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2021_03_01; reference:url, urlhaus.abuse.ch/url/1040097/; classtype:trojan-activity;sid:81903197; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1016773)"; flow:established,from_client; content:"GET"; http_method; content:"/th769kg7.tar"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"jhayesconsulting.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2021_02_17; reference:url, urlhaus.abuse.ch/url/1016773/; classtype:trojan-activity;sid:81879873; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (1009349)"; flow:established,from_client; content:"GET"; http_method; content:"/2017/06/radbxnzdxbd.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"360down7.miiyun.cn"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2021_02_14; reference:url, urlhaus.abuse.ch/url/1009349/; classtype:trojan-activity;sid:81872449; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (995049)"; flow:established,from_client; content:"GET"; http_method; content:"/txs9e9.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"buscascolegios.diit.cl"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2021_02_08; reference:url, urlhaus.abuse.ch/url/995049/; classtype:trojan-activity;sid:81858149; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (995040)"; flow:established,from_client; content:"GET"; http_method; content:"/txs9e9.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"buscascolegios.diit.cl"; http_host; depth:22; isdataat:!1,relative; metadata:created_at 2021_02_08; reference:url, urlhaus.abuse.ch/url/995040/; classtype:trojan-activity;sid:81858140; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (986697)"; flow:established,from_client; content:"GET"; http_method; content:"/dcbl8fi.zip"; http_uri; depth:12; isdataat:!1,relative; nocase; content:"library.arihantmbainstitute.ac.in"; http_host; depth:33; isdataat:!1,relative; metadata:created_at 2021_02_01; reference:url, urlhaus.abuse.ch/url/986697/; classtype:trojan-activity;sid:81849797; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (957784)"; flow:established,from_client; content:"GET"; http_method; content:"/gamewd/yhdl.exe"; http_uri; depth:16; isdataat:!1,relative; nocase; content:"download.caihong.com"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2021_01_13; reference:url, urlhaus.abuse.ch/url/957784/; classtype:trojan-activity;sid:81820884; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (939949)"; flow:established,from_client; content:"GET"; http_method; content:"/data/ovg/"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"www.moninediy.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_12_23; reference:url, urlhaus.abuse.ch/url/939949/; classtype:trojan-activity;sid:81803049; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (936427)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/bxjesdj7w3meuh7iatiurbsgh/"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"cdaonline.com.ar"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_12_21; reference:url, urlhaus.abuse.ch/url/936427/; classtype:trojan-activity;sid:81799527; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (935817)"; flow:established,from_client; content:"GET"; http_method; content:"/css/bg4n3/"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"jeffdahlke.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_12_21; reference:url, urlhaus.abuse.ch/url/935817/; classtype:trojan-activity;sid:81798917; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (935625)"; flow:established,from_client; content:"GET"; http_method; content:"/u0eukz.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"abissnet.net"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_12_21; reference:url, urlhaus.abuse.ch/url/935625/; classtype:trojan-activity;sid:81798725; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (920450)"; flow:established,from_client; content:"GET"; http_method; content:"/hceioc.zip"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"api-ms.cobainaja.id"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_12_15; reference:url, urlhaus.abuse.ch/url/920450/; classtype:trojan-activity;sid:81783550; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (906880)"; flow:established,from_client; content:"GET"; http_method; content:"/asdfg.exe"; http_uri; depth:10; isdataat:!1,relative; nocase; content:"marksidfgs.ug"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_12_11; reference:url, urlhaus.abuse.ch/url/906880/; classtype:trojan-activity;sid:81769980; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (788214)"; flow:established,from_client; content:"GET"; http_method; content:"/v2x2vexx.jpg"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"yzkzixun.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2020_11_05; reference:url, urlhaus.abuse.ch/url/788214/; classtype:trojan-activity;sid:81651314; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (754857)"; flow:established,from_client; content:"GET"; http_method; content:"/gfl7i3kp.rar"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"karer.by"; http_host; depth:8; isdataat:!1,relative; metadata:created_at 2020_10_27; reference:url, urlhaus.abuse.ch/url/754857/; classtype:trojan-activity;sid:81617957; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (723755)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/sites/ci6p05scnuonqslqmehm/"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"cdaonline.com.ar"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/723755/; classtype:trojan-activity;sid:81586855; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (723711)"; flow:established,from_client; content:"GET"; http_method; content:"/css/attachments/"; http_uri; depth:17; isdataat:!1,relative; nocase; content:"jeffdahlke.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_10_20; reference:url, urlhaus.abuse.ch/url/723711/; classtype:trojan-activity;sid:81586811; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (637433)"; flow:established,from_client; content:"GET"; http_method; content:"/paetools.exe"; http_uri; depth:13; isdataat:!1,relative; nocase; content:"soft.110route.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_10_01; reference:url, urlhaus.abuse.ch/url/637433/; classtype:trojan-activity;sid:81500533; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (611407)"; flow:established,from_client; content:"GET"; http_method; content:"/css/3u/"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"jeffdahlke.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_25; reference:url, urlhaus.abuse.ch/url/611407/; classtype:trojan-activity;sid:81474507; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (598684)"; flow:established,from_client; content:"GET"; http_method; content:"/css/6qv2o2ehwzh1d/"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"jeffdahlke.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_22; reference:url, urlhaus.abuse.ch/url/598684/; classtype:trojan-activity;sid:81461784; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (554647)"; flow:established,from_client; content:"GET"; http_method; content:"/wp-admin/file/x7z9wbk77tt6v9/"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"cdaonline.com.ar"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_09_18; reference:url, urlhaus.abuse.ch/url/554647/; classtype:trojan-activity;sid:81417747; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (552113)"; flow:established,from_client; content:"GET"; http_method; content:"/css/llc/fa1torcvwmvsw1ioua/"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"jeffdahlke.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_09_18; reference:url, urlhaus.abuse.ch/url/552113/; classtype:trojan-activity;sid:81415213; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (490516)"; flow:established,from_client; content:"GET"; http_method; content:"/hmatrix/data/hack1226.exe"; http_uri; depth:26; isdataat:!1,relative; nocase; content:"cd.textfiles.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_09_14; reference:url, urlhaus.abuse.ch/url/490516/; classtype:trojan-activity;sid:81353616; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (466425)"; flow:established,from_client; content:"GET"; http_method; content:"/g"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.185.23.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_12; reference:url, urlhaus.abuse.ch/url/466425/; classtype:trojan-activity;sid:81329525; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (466312)"; flow:established,from_client; content:"GET"; http_method; content:"/i"; http_uri; depth:2; isdataat:!1,relative; nocase; content:"111.185.23.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_12; reference:url, urlhaus.abuse.ch/url/466312/; classtype:trojan-activity;sid:81329412; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (463460)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.m"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.185.23.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_11; reference:url, urlhaus.abuse.ch/url/463460/; classtype:trojan-activity;sid:81326560; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (463309)"; flow:established,from_client; content:"GET"; http_method; content:"/mozi.a"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"111.185.23.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_11; reference:url, urlhaus.abuse.ch/url/463309/; classtype:trojan-activity;sid:81326409; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (452932)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"111.185.23.84"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2020_09_04; reference:url, urlhaus.abuse.ch/url/452932/; classtype:trojan-activity;sid:81316032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (444932)"; flow:established,from_client; content:"GET"; http_method; content:"/cgi-bin/document/81828115/bkxjh/"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"hr2019.vrcom7.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2020_08_27; reference:url, urlhaus.abuse.ch/url/444932/; classtype:trojan-activity;sid:81308032; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (438705)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/file/21mnqlvi/oz88535657v7rbazasyth9x8i/"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"www.reifenquick.de"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_21; reference:url, urlhaus.abuse.ch/url/438705/; classtype:trojan-activity;sid:81301805; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (438621)"; flow:established,from_client; content:"GET"; http_method; content:"/css/statement/sv8ah2oz31fj/"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"jeffdahlke.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_21; reference:url, urlhaus.abuse.ch/url/438621/; classtype:trojan-activity;sid:81301721; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (436727)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/statement/ul397wfyb/"; http_uri; depth:29; isdataat:!1,relative; nocase; content:"www.reifenquick.de"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_19; reference:url, urlhaus.abuse.ch/url/436727/; classtype:trojan-activity;sid:81299827; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (434592)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/closed_957176_mxqsdoj6a4iz/close_warehouse/ql55hnq09iyn6lm_334stxvw03wyv/"; http_uri; depth:82; isdataat:!1,relative; nocase; content:"www.reifenquick.de"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_17; reference:url, urlhaus.abuse.ch/url/434592/; classtype:trojan-activity;sid:81297692; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (434320)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/hl8-8w4cs-6325/"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"reifenquick.de"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_17; reference:url, urlhaus.abuse.ch/url/434320/; classtype:trojan-activity;sid:81297420; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (432815)"; flow:established,from_client; content:"GET"; http_method; content:"/css/doc/kbc9dts71991684654644570io07lx5tws9zd0q/"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"jeffdahlke.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_14; reference:url, urlhaus.abuse.ch/url/432815/; classtype:trojan-activity;sid:81295915; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (432746)"; flow:established,from_client; content:"GET"; http_method; content:"/scan/vw3tl6d9/"; http_uri; depth:15; isdataat:!1,relative; nocase; content:"posmicrosystems.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_08_14; reference:url, urlhaus.abuse.ch/url/432746/; classtype:trojan-activity;sid:81295846; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (432117)"; flow:established,from_client; content:"GET"; http_method; content:"/scripts/hl8-8w4cs-6325/"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"www.reifenquick.de"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2020_08_13; reference:url, urlhaus.abuse.ch/url/432117/; classtype:trojan-activity;sid:81295217; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (431601)"; flow:established,from_client; content:"GET"; http_method; content:"/homegrownorlando.com/scan/5k2b2y4/"; http_uri; depth:35; isdataat:!1,relative; nocase; content:"exilum.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_13; reference:url, urlhaus.abuse.ch/url/431601/; classtype:trojan-activity;sid:81294701; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429864)"; flow:established,from_client; content:"GET"; http_method; content:"/css/fqcfrfvwflt3/"; http_uri; depth:18; isdataat:!1,relative; nocase; content:"jeffdahlke.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_12; reference:url, urlhaus.abuse.ch/url/429864/; classtype:trojan-activity;sid:81292964; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (429822)"; flow:established,from_client; content:"GET"; http_method; content:"/oct/05eo9y/yho7cb662821oxuq416ncv9m0g/"; http_uri; depth:39; isdataat:!1,relative; nocase; content:"posmicrosystems.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_08_12; reference:url, urlhaus.abuse.ch/url/429822/; classtype:trojan-activity;sid:81292922; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (428352)"; flow:established,from_client; content:"GET"; http_method; content:"/common/yz.vbs"; http_uri; depth:14; isdataat:!1,relative; nocase; content:"yp.hnggzyjy.cn"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_10; reference:url, urlhaus.abuse.ch/url/428352/; classtype:trojan-activity;sid:81291452; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427195)"; flow:established,from_client; content:"GET"; http_method; content:"/homegrownorlando.com/closed-section/additional-area/740331365-r4cxbyqtk/"; http_uri; depth:73; isdataat:!1,relative; nocase; content:"exilum.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427195/; classtype:trojan-activity;sid:81290295; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (427189)"; flow:established,from_client; content:"GET"; http_method; content:"/css/private_module/test_cloud/z3gjv_w4zyu545ts846/"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"jeffdahlke.com"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_08_07; reference:url, urlhaus.abuse.ch/url/427189/; classtype:trojan-activity;sid:81290289; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (426766)"; flow:established,from_client; content:"GET"; http_method; content:"/common_resource/3zynn88sm_qdy9vaoqlxkyn_989270539154_n7ffnmeyjem/36660133916761_yjn3n510wqqnfyx0/"; http_uri; depth:98; isdataat:!1,relative; nocase; content:"posmicrosystems.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2020_08_06; reference:url, urlhaus.abuse.ch/url/426766/; classtype:trojan-activity;sid:81289866; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (422458)"; flow:established,from_client; content:"GET"; http_method; content:"/invoice/aog-3515110/"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"lindnerelektroanlagen.de"; http_host; depth:24; isdataat:!1,relative; metadata:created_at 2020_07_30; reference:url, urlhaus.abuse.ch/url/422458/; classtype:trojan-activity;sid:81285558; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (419853)"; flow:established,from_client; content:"GET"; http_method; content:"/homegrownorlando.com/djsv1tay8/"; http_uri; depth:32; isdataat:!1,relative; nocase; content:"exilum.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2020_07_27; reference:url, urlhaus.abuse.ch/url/419853/; classtype:trojan-activity;sid:81282953; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (411798)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"123.110.124.238"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2020_07_11; reference:url, urlhaus.abuse.ch/url/411798/; classtype:trojan-activity;sid:81274898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (401440)"; flow:established,from_client; content:"GET"; http_method; content:"/43rf3dw/34frgegrg.exe"; http_uri; depth:22; isdataat:!1,relative; nocase; content:"prestigehomeautomation.net"; http_host; depth:26; isdataat:!1,relative; metadata:created_at 2020_06_24; reference:url, urlhaus.abuse.ch/url/401440/; classtype:trojan-activity;sid:81264540; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (363653)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"218.38.241.105"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_05_16; reference:url, urlhaus.abuse.ch/url/363653/; classtype:trojan-activity;sid:81226753; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (322758)"; flow:established,from_client; content:"GET"; http_method; content:"/upload_control/download.blog|3f|fhandle=ymxvzzcxmzyyqgzzns50axn0b3j5lmnvbtovyxr0ywnolzavmtqwmdawmdawmdawlmv4zq%3d%3d|7c|26|7c|filename=crack-pro20.exe"; http_uri; depth:151; isdataat:!1,relative; nocase; content:"cfs5.tistory.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2020_03_08; reference:url, urlhaus.abuse.ch/url/322758/; classtype:trojan-activity;sid:81185858; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (322465)"; flow:established,from_client; content:"GET"; http_method; content:"/scenic/scenic1/sunset1.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"funletters.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_07; reference:url, urlhaus.abuse.ch/url/322465/; classtype:trojan-activity;sid:81185565; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (322462)"; flow:established,from_client; content:"GET"; http_method; content:"/flowers/flowers1/smell-the-roses.exe"; http_uri; depth:37; isdataat:!1,relative; nocase; content:"funletters.net"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2020_03_07; reference:url, urlhaus.abuse.ch/url/322462/; classtype:trojan-activity;sid:81185562; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (318948)"; flow:established,from_client; content:"GET"; http_method; content:"/fuzzbunch/fuzzbunch/master/payloads/doublepulsar-1.3.1.exe"; http_uri; depth:59; isdataat:!1,relative; nocase; content:"raw.githubusercontent.com"; http_host; depth:25; isdataat:!1,relative; metadata:created_at 2020_02_26; reference:url, urlhaus.abuse.ch/url/318948/; classtype:trojan-activity;sid:81182048; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (265919)"; flow:established,from_client; content:"GET"; http_method; content:"/asdf.exe"; http_uri; depth:9; isdataat:!1,relative; nocase; content:"marksidfgs.ug"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_12_10; reference:url, urlhaus.abuse.ch/url/265919/; classtype:trojan-activity;sid:81129019; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (263107)"; flow:established,from_client; content:"GET"; http_method; content:"/dusers.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"94.53.120.109"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_12_03; reference:url, urlhaus.abuse.ch/url/263107/; classtype:trojan-activity;sid:81126207; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (242615)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"181.224.242.131"; http_host; depth:15; isdataat:!1,relative; metadata:created_at 2019_10_10; reference:url, urlhaus.abuse.ch/url/242615/; classtype:trojan-activity;sid:81105715; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (242568)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"202.4.124.58"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_10_10; reference:url, urlhaus.abuse.ch/url/242568/; classtype:trojan-activity;sid:81105668; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (241993)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"46.175.138.75"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_10_09; reference:url, urlhaus.abuse.ch/url/241993/; classtype:trojan-activity;sid:81105093; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (240832)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"213.16.63.103"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_10_07; reference:url, urlhaus.abuse.ch/url/240832/; classtype:trojan-activity;sid:81103932; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (240475)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"165.90.16.5"; http_host; depth:11; isdataat:!1,relative; metadata:created_at 2019_10_07; reference:url, urlhaus.abuse.ch/url/240475/; classtype:trojan-activity;sid:81103575; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (240426)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"95.170.113.227"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_10_07; reference:url, urlhaus.abuse.ch/url/240426/; classtype:trojan-activity;sid:81103526; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (240403)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"92.114.191.82"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_10_07; reference:url, urlhaus.abuse.ch/url/240403/; classtype:trojan-activity;sid:81103503; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (240237)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"216.183.54.169"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_10_07; reference:url, urlhaus.abuse.ch/url/240237/; classtype:trojan-activity;sid:81103337; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (240226)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"212.46.197.114"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_10_07; reference:url, urlhaus.abuse.ch/url/240226/; classtype:trojan-activity;sid:81103326; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (240036)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"178.151.143.2"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_10_07; reference:url, urlhaus.abuse.ch/url/240036/; classtype:trojan-activity;sid:81103136; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (239019)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"36.66.139.36"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_10_06; reference:url, urlhaus.abuse.ch/url/239019/; classtype:trojan-activity;sid:81102119; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (238950)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"194.152.35.139"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_10_06; reference:url, urlhaus.abuse.ch/url/238950/; classtype:trojan-activity;sid:81102050; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (238127)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"109.248.58.238"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_10_05; reference:url, urlhaus.abuse.ch/url/238127/; classtype:trojan-activity;sid:81101227; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (238008)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"190.12.99.194"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_10_05; reference:url, urlhaus.abuse.ch/url/238008/; classtype:trojan-activity;sid:81101108; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (237890)"; flow:established,from_client; content:"GET"; http_method; content:"/.i"; http_uri; depth:3; isdataat:!1,relative; nocase; content:"185.12.78.161"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_10_05; reference:url, urlhaus.abuse.ch/url/237890/; classtype:trojan-activity;sid:81100990; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (222979)"; flow:established,from_client; content:"GET"; http_method; content:"/uploads/thirdupload/5d3e8177e87cc.exe"; http_uri; depth:38; isdataat:!1,relative; nocase; content:"src1.minibai.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_08_07; reference:url, urlhaus.abuse.ch/url/222979/; classtype:trojan-activity;sid:81086079; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (222506)"; flow:established,from_client; content:"GET"; http_method; content:"/kszip/news/v1.0.7.31/news_01.exe"; http_uri; depth:33; isdataat:!1,relative; nocase; content:"download.pdf00.cn"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_08_06; reference:url, urlhaus.abuse.ch/url/222506/; classtype:trojan-activity;sid:81085606; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (217486)"; flow:established,from_client; content:"GET"; http_method; content:"/meteoradminz/hidden-tear/zip/master"; http_uri; depth:36; isdataat:!1,relative; nocase; content:"codeload.github.com"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_07_17; reference:url, urlhaus.abuse.ch/url/217486/; classtype:trojan-activity;sid:81080586; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (210541)"; flow:established,from_client; content:"GET"; http_method; content:"/64.exe"; http_uri; depth:7; isdataat:!1,relative; nocase; content:"indonesias.me"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_06_20; reference:url, urlhaus.abuse.ch/url/210541/; classtype:trojan-activity;sid:81073641; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (210524)"; flow:established,from_client; content:"GET"; http_method; content:"/c64.exe"; http_uri; depth:8; isdataat:!1,relative; nocase; content:"indonesias.me"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_06_20; reference:url, urlhaus.abuse.ch/url/210524/; classtype:trojan-activity;sid:81073624; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (210023)"; flow:established,from_client; content:"GET"; http_method; content:"/opolis.exe"; http_uri; depth:11; isdataat:!1,relative; nocase; content:"www.opolis.io"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_06_18; reference:url, urlhaus.abuse.ch/url/210023/; classtype:trojan-activity;sid:81073123; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (203280)"; flow:established,from_client; content:"GET"; http_method; content:"/download/qt51crk.exe"; http_uri; depth:21; isdataat:!1,relative; nocase; content:"www.hseda.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_05_29; reference:url, urlhaus.abuse.ch/url/203280/; classtype:trojan-activity;sid:81066380; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (202114)"; flow:established,from_client; content:"GET"; http_method; content:"/screenmate/cute/sm1302.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"www.starcountry.net"; http_host; depth:19; isdataat:!1,relative; metadata:created_at 2019_05_26; reference:url, urlhaus.abuse.ch/url/202114/; classtype:trojan-activity;sid:81065214; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (201885)"; flow:established,from_client; content:"GET"; http_method; content:"/products/wattyl/wattyl.exe"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"unicorpbrunei.com"; http_host; depth:17; isdataat:!1,relative; metadata:created_at 2019_05_25; reference:url, urlhaus.abuse.ch/url/201885/; classtype:trojan-activity;sid:81064985; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (200800)"; flow:established,from_client; content:"GET"; http_method; content:"/releases/zorke_release/zorke_asciiverter_v1.00/zke-ascv.exe"; http_uri; depth:60; isdataat:!1,relative; nocase; content:"nerve.untergrund.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_23; reference:url, urlhaus.abuse.ch/url/200800/; classtype:trojan-activity;sid:81063900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (200798)"; flow:established,from_client; content:"GET"; http_method; content:"/releases/12.2013/nrv-ppwr.zip"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"nerve.untergrund.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_23; reference:url, urlhaus.abuse.ch/url/200798/; classtype:trojan-activity;sid:81063898; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (200771)"; flow:established,from_client; content:"GET"; http_method; content:"/razor/rzr-winner_intro.zip"; http_uri; depth:27; isdataat:!1,relative; nocase; content:"chiptune.com"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_05_23; reference:url, urlhaus.abuse.ch/url/200771/; classtype:trojan-activity;sid:81063871; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (200770)"; flow:established,from_client; content:"GET"; http_method; content:"/releases/zorke_release/zorke_nfo_file_viewer_v1.00/zke-nfoview.exe"; http_uri; depth:67; isdataat:!1,relative; nocase; content:"nerve.untergrund.net"; http_host; depth:20; isdataat:!1,relative; metadata:created_at 2019_05_23; reference:url, urlhaus.abuse.ch/url/200770/; classtype:trojan-activity;sid:81063870; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (197801)"; flow:established,from_client; content:"GET"; http_method; content:"/hao123-soft-online-bcs/soft/d/2014-06-12_djylh.exe"; http_uri; depth:51; isdataat:!1,relative; nocase; content:"download.skycn.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197801/; classtype:trojan-activity;sid:81060901; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (197800)"; flow:established,from_client; content:"GET"; http_method; content:"/hao123-soft-online-bcs/soft/p/pocketrar350sc.exe"; http_uri; depth:49; isdataat:!1,relative; nocase; content:"download.skycn.com"; http_host; depth:18; isdataat:!1,relative; metadata:created_at 2019_05_17; reference:url, urlhaus.abuse.ch/url/197800/; classtype:trojan-activity;sid:81060900; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (195911)"; flow:established,from_client; content:"GET"; http_method; content:"/soft_hair/pcsupport.exe"; http_uri; depth:24; isdataat:!1,relative; nocase; content:"support.clz.kr"; http_host; depth:14; isdataat:!1,relative; metadata:created_at 2019_05_14; reference:url, urlhaus.abuse.ch/url/195911/; classtype:trojan-activity;sid:81059011; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (186282)"; flow:established,from_client; content:"GET"; http_method; content:"/pub/1003b/patch/patch_data/patch_0.3300/1003b.exe"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"dl.1003b.56a.com"; http_host; depth:16; isdataat:!1,relative; metadata:created_at 2019_04_27; reference:url, urlhaus.abuse.ch/url/186282/; classtype:trojan-activity;sid:81049382; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (181178)"; flow:established,from_client; content:"GET"; http_method; content:"/soft1/sc2_tool.zip"; http_uri; depth:19; isdataat:!1,relative; nocase; content:"dl.198424.com"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_04_20; reference:url, urlhaus.abuse.ch/url/181178/; classtype:trojan-activity;sid:81044278; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (175859)"; flow:established,from_client; content:"GET"; http_method; content:"/admin/swfupload/css/inf.inf"; http_uri; depth:28; isdataat:!1,relative; nocase; content:"meeweb.com"; http_host; depth:10; isdataat:!1,relative; metadata:created_at 2019_04_11; reference:url, urlhaus.abuse.ch/url/175859/; classtype:trojan-activity;sid:81038959; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (170261)"; flow:established,from_client; content:"GET"; http_method; content:"/eng/wp-content/plugins/featurific-for-wordpress/2"; http_uri; depth:50; isdataat:!1,relative; nocase; content:"jointings.org"; http_host; depth:13; isdataat:!1,relative; metadata:created_at 2019_04_02; reference:url, urlhaus.abuse.ch/url/170261/; classtype:trojan-activity;sid:81033361; rev:1;) alert http $HOME_NET any -> $EXTERNAL_NET any (msg:"URLhaus Known malware download URL detected (101043)"; flow:established,from_client; content:"GET"; http_method; content:"/employeemasterimages/qace.jpg"; http_uri; depth:30; isdataat:!1,relative; nocase; content:"livetrack.in"; http_host; depth:12; isdataat:!1,relative; metadata:created_at 2019_01_02; reference:url, urlhaus.abuse.ch/url/101043/; classtype:trojan-activity;sid:80964143; rev:1;) # Number of entries: 15735